Following widespread hacking by the Hafnium group and, perhaps, other groups, Microsoft is now offering the same patch for the no-longer-supported Exchange Server 2010 that it introduced last week for all newer editions.
Issuing a patch for products that are no longer supported is not common for any vendor. But the four vulnerabilities first used in the wild by Hafnium have reportedly been used to hack tens of thousands of servers.
Patches for Exchange Servers 2010, 2013, 2016 and 2019 can be downloaded here.
Microsoft attributes Hafnium to a state-sponsored Chinese group. But security vendors have identified several clusters of activity using the vulnerabilities that do not neatly match the Hafnium tactics, techniques, and procedures. That may mean other groups are in play.
Microsoft has been adamant about the importance of applying these patches as quickly as possible. Experts warn that many of the organizations being breached would not be traditional targets of a covert nation-state campaign, possibly because the attackers are identifying targets through an internet scan, and that everyone needs to patch. They also warn that patching is not enough to stop an attack in progress, and that it is important to look for malware that has already been installed even as defenders cut off access for new malware to be installed.