You may have seen headlines over the last couple weeks regarding a massive-scale attack (known as the Hafnium attack) on organizations running Microsoft Exchange Email server. Earlier this month, Microsoft acknowledged and released patches for the vulnerabilities for Exchange versions going back 10 years. Krebs on Security has a lot more technical detail as well as a basic timeline of things. Microsoft recently released a one-click mitigation tool for organizations that are still running in-house email via Microsoft Exchange.
With these headlines, we have received email from more than a few clients asking if this affects them. If you are using Microsoft Office 365 for your email (which would include the bulk majority of you reading this), you are not affected by this attack. The attack is only targeting and affecting in-house email servers and we’ve migrated nearly all of our clients off those solutions. If you’re using Office 365 for your email, this attack doesn’t affect you. That being said, we still recommend avoiding phishing attacks and locking down your Office 365 accounts with MFA to prevent future issues.
For the few CompleteCare clients of ours who still have in-house Exchange servers, our security tools actually caught and mitigated the worst of it before it became a real mess (and we were installing patches and further locking things down as soon as the Microsoft patches were released and continue to monitor the situation). If you’re not a CompleteCare client but are interested in becoming one, email our sales team today.
Don’t hesitate to let us know if you have any questions at all.
— Your Weston Support Team