Security Bulletin: Security Vulnerability Issue - Microsoft Exchange eMail Servers
March 4, 2021
BC Housing would like to make you aware of a significant 0-Day security vulnerability if your organization is utilizing an on-premise version of Microsoft Exchange for your email

A 0-Day vulnerability means a recently discovered vulnerability or exploit for a vulnerability that hackers can use to attack systems. These threats are incredibly dangerous because only the attacker is aware of their existence. We strongly advise that your IT service provider or IT department review your email systems for the presence of this vulnerability and apply the recommended fixes. For those solely utilizing Office 365 for email, you are not affected by this attack.


Microsoft has detected multiple 0-day exploits being used to attack on-premises versions of Microsoft Exchange Server in limited and targeted attacks. In the attacks observed, the threat actor used these vulnerabilities to access on-premises Exchange servers which enabled access to email accounts, and allowed installation of additional malware to facilitate long-term access to victim environments. Microsoft Threat Intelligence Center (MSTIC) attributes this campaign with high confidence to HAFNIUM, a group assessed to be state-sponsored and operating out of China, based on observed victimology, tactics and procedures.


For more information regarding this threat, please see the following blog post from Microsoft HAFNIUM targeting Exchange Servers with 0-day exploits - Microsoft Security


If you require any guidance, please feel free to reach out to the Housing Provider Technology Support team (HPTECHBC) through our Contact page.


If you are not the right person in your society to receive this email, please forward to the appropriate person.


Stay safe and secure!

Please help us improve our website by providing your feedback

Please help us improve our website by providing your feedback