Microsoft Exchange Critical Vulnerabilities – March 2021

On Tuesday 2nd March 2021, Microsoft notified their customers of critical vulnerabilities affecting Microsoft Exchange.

We understand that the vulnerabilities were being exploited among a limited set of high-value targets in early January, but that active exploitation has significantly increased as of early March 2021.

Please take the time to consider the effects this may have on your business and the further information released by Microsoft on out-of-band patches to remediate the vulnerabilities.

Microsoft have also published a blog about the attacks: https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/

In order to protect our customers and lenders, we request you to respond to the following questions by Close of Business, Friday 12th March.