In January, a state-sponsored hacking group from China known as “Hafnium” discovered 4 “zero-day exploits” in Microsoft’s Email Server software called “Microsoft Exchange.” You may have heard about this in the news, and you are probably asking whether you should be worried. Here’s the short answer to that question.
What’s a “Zero Day Exploit?”
We usually count how old a vulnerability is in days. A problem that’s still around after 60 days is well, a 60-day exploit. In comparison, a “Zero Day Exploit” isn’t known to anyone (except the hacker who found it) is brand new.
Zero Day Exploits are our worst nightmare. Antivirus doesn’t work. Firewalls often don’t work. There is no way to prevent them because we don’t know about them until some hacker uses them to crack open our systems. The only remedy to Zero Day Exploits is for the software company (in this case, Microsoft) to try and fix the weaknesses in the software code as quickly as possible–and then get it sent to all its clients to install as quickly as possible. Hopefully, there are some ways to stop the attackers until all these patches are installed.
About this Exploit
Microsoft first became aware of these 4 Zero Day Exploits sometime around January 6, 2021. Microsoft probably began to feverishly analyze the problems and hoped to keep the problems secret so that other hackers and ransomware criminals wouldn’t jump on the bandwagon. (So we’re now into “Day 60” of the exploit.)
Typically, patches are released in stages. The first release is a frantic attempt to lock out the hackers even if it means turning off some of the software’s features. Then subsequent releases that are more thoroughly tested will try to add these features back in. Even once final patches are installed, it doesn’t mean that the attackers didn’t extract a company’s data. Attackers often install a “back door” into systems so they can come back later for more data. Patches don’t remove back doors.
Should You Be Worried?
If your company uses Microsoft Exchange, then yes. As of March 8, estimates were that 30,000-60,000 companies have had their email systems raided already. Microsoft has provided some tools for System Administrators to assess whether their systems have been hacked. These tools aren’t 100% accurate, but they are a place for companies to start in determining their risk exposure.
Microsoft Exchange is one of the top 3 mail server environments worldwide. But if you company does not use Microsoft Exchange for its email system, then this issue doesn’t affect you. If your company uses Google Workspace (including Telus.net), Yahoo Mail (now Verizon), iCloud Mail, or a bunch of free email services (other than Microsoft, Hotmail, Outlook,com, or Live, com), then you’re almost definitely safe.
Even if you use Microsoft Outlook as your email reader but you don’t connect to an Exchange Server, you will be safe. While Outlook is a Microsoft product, it can be used to read mail from many different servers (including Google). This exploit only seems to affect Exchange, not Outlook.
Even if this hack doesn’t affect your company, don’t get too cocky. Zero day exploits will happen again. The important thing is to stay up to day with security notices, and always keep your system patched with all the critical and serious patches that the software vendor puts out. And as we discussed, sometimes patches come in rapid succession to fix a problem. Stay on top of the news and keep your patch release current.
For more information, read here.