
WatchGuard: Hafnium Exploit: Important Information You Need to Know

Last week, Microsoft released a critical emergency Exchange patch to fix a series of zero-day vulnerabilities that attackers could exploit to fully compromise your Exchange server and steal critical information. These flaws pose a severe risk: state-sponsored threat actors exploited them before Microsoft was aware of the issue, and now the rest of the cybercriminal world is following suit.

To protect your customers, you should patch all on-premises Exchange servers. However, in the meantime, WatchGuard can help. To learn more about this issue, and what WatchGuard products do to help, please check out our knowledge base article on the subject, as well as this Secplicity post.

WatchGuard Protections

WatchGuard has you covered in helping you protect your clients from the Hafnium exploit. Our security solutions have been tested and can defend against this exploit in a variety of ways. 

Panda Adaptive Defense 360
Features detections for the PowerShell payloads and many of the webshells involved in this attack. The layered protection model of Adaptive Defense 360 will protect endpoints from being compromised by this attack. Used in conjunction with the Patch Management module, it lets you defend your clients against the exploit and efficiently patch their endpoints as well.

IPS
Firebox’s Intrusion Prevention Service (IPS) has signatures that detect and block the first stage in the attack’s exploit chain.

Gateway AntiVirus
Gateway AntiVirus has multiple signatures that detect and block the webshells used in the attack.

APT Blocker
APT Blocker successfully detects the malicious PowerShell backdoors used in this attack.

Firebox Access Portal and VPN
The first attack stage for this threat requires an Exchange server exposed to the Internet. You can mitigate this stage of the attack by protecting the Exchange server behind the Firebox’s Access Portal on supported appliances.


