Sophos: Hafnium ALERT: Recommendations to remediate Exchange Server vulnerability


On March 2nd, zero-day vulnerabilities affecting on-premises versions of Microsoft Exchange Server 2013, 2016, and 2019 were publicly disclosed. These vulnerabilities are being actively exploited in the wild by Hafnium and other threat actors.

Sophos strongly recommends that you take this threat seriously and act immediately, if you have not already done so, whether that means educating your customers using the links below or taking action yourself if you manage their infrastructure. Sophos is regularly updating the Hafnium articles with the latest information and detections.
HAFNIUM: Advice about the new nation-state attack  
Protecting Sophos Customers from Hafnium  
Serious Security: Webshells explained in the aftermath of HAFNIUM attacks  
Naked Security Podcast S3 Ep23: Hafnium happenings, I see you, and Pythonic poison  

Actions to take if you manage customer infrastructure

Security best practices state you should assume your customers are impacted and act accordingly. At a minimum you should:  
• Backup Exchange/IIS Server logs then patch all Exchange servers  
◦ Patching only ensures that your customer cannot be breached again through these vulnerabilities. If they have already been breached, the attacker's existing access (for example a web shell) survives patching, so they remain compromised until it is found and removed  
• If your customer has a Sophos EDR product, perform a threat hunt by running queries to determine the possible exposure  
• Remove web shells and change passwords on all Exchange Servers  
• Ensure endpoint protection is deployed on all endpoints and servers  
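The first step above, preserving Exchange and IIS logs before patching, as an added PowerShell example; it is not Sophos tooling and is not part of the original advisory. It assumes the default IIS log folder and the ExchangeInstallPath environment variable that Exchange setup creates, archives each log tree into a zip and records SHA-256 hashes of the archives so the evidence can be shown to be unaltered later; the D:\IR destination is a placeholder.

```powershell
# Added example, not Sophos' own script: archive Exchange and IIS logs with a
# hash manifest BEFORE patching, so forensic evidence survives remediation.
# Assumes the default IIS log path and $env:ExchangeInstallPath (set by
# Exchange setup); the destination is a placeholder, adjust for your host.
param(
    [string]$Destination = "D:\IR\$($env:COMPUTERNAME)-logs-$(Get-Date -Format 'yyyyMMdd-HHmm')"
)

$Sources = @(
    (Join-Path $env:SystemDrive 'inetpub\logs\LogFiles'),   # IIS W3C request logs
    (Join-Path $env:ExchangeInstallPath 'Logging')          # Exchange HttpProxy/ECP/OWA logs, can be large
)

New-Item -ItemType Directory -Path $Destination -Force | Out-Null
$manifest = @()

foreach ($src in $Sources) {
    if (-not (Test-Path $src)) {
        Write-Warning "Log folder not found, skipping: $src"
        continue
    }
    # Build a file name from the source path, e.g. C__inetpub_logs_LogFiles.zip
    $name = ($src -replace '[:\\]', '_').Trim('_')
    $zip  = Join-Path $Destination "$name.zip"

    # IIS and Exchange open their logs with shared read access, so the live
    # files can be read without stopping services.
    Compress-Archive -Path (Join-Path $src '*') -DestinationPath $zip -Force
    $manifest += Get-FileHash -Path $zip -Algorithm SHA256
}

# manifest.csv ties each archive to its SHA-256 at collection time; store a
# copy of it off the server (ticket, case folder) for chain of custody.
$manifest | Select-Object Algorithm, Hash, Path |
    Export-Csv -Path (Join-Path $Destination 'manifest.csv') -NoTypeInformation

Write-Host "Archived $($manifest.Count) log set(s) to $Destination"
```

Run it from an elevated PowerShell session on each Exchange server, then copy the destination folder off-host before applying the Microsoft patches.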

The Sophos Managed Threat Response (MTR) team has published detailed guidance on how to respond to Hafnium. If you or your customers need expert assistance to determine exposure or remediate the situation, there are services available to help:  
• Managed Threat Response (MTR) – a managed security service that can perform threat hunting to identify adversarial activity in your environment and neutralize the situation  
• Rapid Response (RR) – If you have identified an active attack in your environment and need immediate assistance to neutralize the attack, this service is available
