{"id":4277,"date":"2021-03-22T07:44:29","date_gmt":"2021-03-22T12:44:29","guid":{"rendered":"https:\/\/www.stratospherenetworks.com\/blog\/?p=4277"},"modified":"2021-03-19T16:07:55","modified_gmt":"2021-03-19T21:07:55","slug":"microsoft-exchange-server-exploits-faq-how-to-protect-your-business","status":"publish","type":"post","link":"https:\/\/www.stratospherenetworks.com\/blog\/microsoft-exchange-server-exploits-faq-how-to-protect-your-business\/","title":{"rendered":"Microsoft Exchange Server Exploits FAQ: How to Protect Your Business"},"content":{"rendered":"<p><img decoding=\"async\" class=\"alignleft size-medium wp-image-4278\" src=\"https:\/\/www.stratospherenetworks.com\/blog\/wp-content\/uploads\/2021\/03\/server-protection-stock-photo-300x171.jpg\" alt=\"An image of a glowing blue padlock superimposed over a server room to symbolize server security.\" width=\"300\" height=\"171\" srcset=\"https:\/\/www.stratospherenetworks.com\/blog\/wp-content\/uploads\/2021\/03\/server-protection-stock-photo-300x171.jpg 300w, https:\/\/www.stratospherenetworks.com\/blog\/wp-content\/uploads\/2021\/03\/server-protection-stock-photo-1024x585.jpg 1024w, https:\/\/www.stratospherenetworks.com\/blog\/wp-content\/uploads\/2021\/03\/server-protection-stock-photo-768x439.jpg 768w, https:\/\/www.stratospherenetworks.com\/blog\/wp-content\/uploads\/2021\/03\/server-protection-stock-photo-1536x878.jpg 1536w, https:\/\/www.stratospherenetworks.com\/blog\/wp-content\/uploads\/2021\/03\/server-protection-stock-photo-2048x1170.jpg 2048w, https:\/\/www.stratospherenetworks.com\/blog\/wp-content\/uploads\/2021\/03\/server-protection-stock-photo-200x114.jpg 200w\" sizes=\"(max-width: 300px) 100vw, 300px\" \/>Earlier this month, <a href=\"https:\/\/www.microsoft.com\/security\/blog\/2021\/03\/02\/hafnium-targeting-exchange-servers\/?wt.mc_id=AID3017743_EML_7392183\" target=\"_blank\" rel=\"noopener nofollow\" class=\"external external_icon\">Microsoft announced<\/a> that malicious actors were leveraging zero-day exploits to infiltrate on-premises versions of Microsoft Exchange Server. If your company utilizes an Exchange server that hackers could potentially breach via these vulnerabilities, here\u2019s everything you should know about the ongoing attacks, what you can do to fix weak points in your server and how to identify indicators of compromise (IOCs).<\/p>\n<h2>Who\u2019s responsible for the cyberattacks on Exchange servers and when did they start?<\/h2>\n<p>Microsoft attributed the initial attacks to HAFNIUM, a state-sponsored group based in China, according to a <a href=\"https:\/\/www.microsoft.com\/security\/blog\/2021\/03\/02\/hafnium-targeting-exchange-servers\/?wt.mc_id=AID3017743_EML_7392183\" target=\"_blank\" rel=\"noopener nofollow\" class=\"external external_icon\">blog post published March 2<\/a>. However, in a <a href=\"https:\/\/www.microsoft.com\/security\/blog\/2021\/03\/12\/protecting-on-premises-exchange-servers-against-recent-attacks\/\" target=\"_blank\" rel=\"noopener nofollow\" class=\"external external_icon\">more recent post<\/a>, the supplier noted that criminal groups other than HAFNIUM had begun taking advantage of the server vulnerabilities to launch their own cyberattacks, including onslaughts of <a href=\"https:\/\/www.stratospherenetworks.com\/blog\/the-total-cost-of-ransomware-and-how-to-reduce-the-risk-and-impact-of-infection\/\" target=\"_blank\" rel=\"noopener\">ransomware<\/a>.<\/p>\n<p>The security firm Volexity <a href=\"https:\/\/www.volexity.com\/blog\/2021\/03\/02\/active-exploitation-of-microsoft-exchange-zero-day-vulnerabilities\/\" target=\"_blank\" rel=\"noopener nofollow\" class=\"external external_icon\">first identified<\/a> suspicious activity on some of their clients\u2019 Exchange servers in January 2021. Microsoft credits both Volexity and Dubex for sounding the alarm on the attacks and aiding with the investigation.<\/p>\n<h2>What are the Microsoft Exchange Server vulnerabilities hackers are exploiting?<\/h2>\n<p>HAFNIUM used the following vulnerabilities to gain access to Exchange servers, according to Microsoft.<\/p>\n<ul>\n<li style=\"list-style-type: none;\">\n<ul>\n<li><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2021-26857\" target=\"_blank\" rel=\"noopener nofollow\" class=\"external external_icon\">CVE-2021-26857<\/a>, a Unified Messaging service insecure deserialization vulnerability<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<ul>\n<li style=\"list-style-type: none;\">\n<ul>\n<li><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2021-26855\" target=\"_blank\" rel=\"noopener nofollow\" class=\"external external_icon\">CVE-2021-26855<\/a>, a server-side request forgery (SSRF) vulnerability<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<ul>\n<li style=\"list-style-type: none;\">\n<ul>\n<li><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2021-27065\" target=\"_blank\" rel=\"noopener nofollow\" class=\"external external_icon\">CVE-2021-27065<\/a>, a post-authentication arbitrary file write vulnerability<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<ul>\n<li style=\"list-style-type: none;\">\n<ul>\n<li><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2021-26858\" target=\"_blank\" rel=\"noopener nofollow\" class=\"external external_icon\">CVE-2021-26858<\/a>, a post-authentication arbitrary file write vulnerability<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p>These vulnerabilities impact Exchange Server versions 2013, 2016 and 2019, as specified in the <a href=\"https:\/\/msrc-blog.microsoft.com\/2021\/03\/02\/multiple-security-updates-released-for-exchange-server\/\" target=\"_blank\" rel=\"noopener nofollow\" class=\"external external_icon\">Microsoft Security Response Center<\/a>. Additionally, Exchange Server 2010 is undergoing updates for in-depth security. These vulnerabilities do not affect Exchange Online.<\/p>\n<h2>How can I fix the vulnerabilities in my Exchange server?<\/h2>\n<p><a href=\"https:\/\/msrc-blog.microsoft.com\/2021\/03\/05\/microsoft-exchange-server-vulnerabilities-mitigations-march-2021\/\" target=\"_blank\" rel=\"noopener nofollow\" class=\"external external_icon\">Microsoft recommends<\/a> moving to the most recent Exchange Cumulative Updates. The Exchange Server Health Checker Script \u2013 available <a href=\"https:\/\/github.com\/dpaulson45\/HealthChecker#download\" target=\"_blank\" rel=\"noopener nofollow\" class=\"external external_icon\">here on GitHub<\/a> \u2013 will tell you if you\u2019re up to date. This script doesn\u2019t support Exchange Server 2010.<\/p>\n<p>The next recommended action is installing the relevant security update on your server. Details on how to do so are available here from the Microsoft Tech Community: Released: <a href=\"https:\/\/techcommunity.microsoft.com\/t5\/exchange-team-blog\/released-march-2021-exchange-server-security-updates\/ba-p\/2175901\" target=\"_blank\" rel=\"noopener nofollow\" class=\"external external_icon\">March 2021 Exchange Server Security Updates<\/a><\/p>\n<p>If you can\u2019t patch your Exchange server with those security updates, the supplier advises enacting temporary mitigations as an interim measure. These include disabling Unified Messaging, Exchange Control Panel (ECP) VDir, and Offline Address Book (OAB) VDir, as well as filtering malicious https requests with an IIS Re-Write Rule.<\/p>\n<p>You can deploy and roll back those mitigations with the <a href=\"https:\/\/github.com\/microsoft\/CSS-Exchange\/blob\/main\/Security\/\" target=\"_blank\" rel=\"noopener nofollow\" class=\"external external_icon\">ExchangeMitigations.ps1 script<\/a>. Please note that Microsoft advises clients to deploy all of them simultaneously and only as a temporary solution until you can fully patch your server. They are known to affect server functionality. The security patches are the only total mitigation method that doesn\u2019t impact server performance.<\/p>\n<p>Microsoft also notes that these remediation steps won\u2019t help if your server has already been breached and are not guaranteed protection against cyberattacks.<\/p>\n<h2>How do I know if my Exchange server has been compromised?<\/h2>\n<p><a href=\"https:\/\/github.com\/microsoft\/CSS-Exchange\/tree\/main\/Security\" target=\"_blank\" rel=\"noopener nofollow\" class=\"external external_icon\">This script<\/a> from the Exchange Server team can identify IOCs in your Exchange log files. Additionally, the supplier advises scanning your Exchange servers for known web shells with the most current version of <a href=\"https:\/\/docs.microsoft.com\/en-us\/windows\/security\/threat-protection\/intelligence\/safety-scanner-download\" target=\"_blank\" rel=\"noopener nofollow\" class=\"external external_icon\">Microsoft Safety Scanner<\/a>. If your organization utilizes Microsoft Defender or Microsoft Defender for Endpoint, ensure you\u2019ve installed the <a href=\"https:\/\/www.microsoft.com\/en-us\/wdsi\/defenderupdates\" target=\"_blank\" rel=\"noopener nofollow\" class=\"external external_icon\">latest security intelligence patch<\/a>.<\/p>\n<p>To help security teams, Microsoft has also created a feed of observed IOCs. The feed is available through GitHub in <a href=\"https:\/\/raw.githubusercontent.com\/Azure\/Azure-Sentinel\/master\/Sample%20Data\/Feeds\/MSTICIoCs-ExchangeServerVulnerabilitiesDisclosedMarch2021.json\" target=\"_blank\" rel=\"noopener nofollow\" class=\"external external_icon\">JSON format<\/a> and <a href=\"https:\/\/raw.githubusercontent.com\/Azure\/Azure-Sentinel\/master\/Sample%20Data\/Feeds\/MSTICIoCs-ExchangeServerVulnerabilitiesDisclosedMarch2021.csv\" target=\"_blank\" rel=\"noopener nofollow\" class=\"external external_icon\">CSV format<\/a>.<\/p>\n<p>If you need assistance scanning for and evaluating all of the currently known IOCs, our security team already has all of the following detections built out as part of the <a href=\"https:\/\/www.stratospherenetworks.com\/managed-detection-and-response.html\" target=\"_blank\" rel=\"noopener\">managed detection and response (MDR) services<\/a> provided as part of our <a href=\"https:\/\/www.stratospherenetworks.com\/blog\/need-cybersecurity-talent-consider-security-operations-center-as-a-service\/\" target=\"_blank\" rel=\"noopener\">Security Operations Center as a Service (SOCaaS) offering<\/a>.<\/p>\n<ul>\n<li style=\"list-style-type: none;\">\n<ul>\n<li>Forensic artifacts found in HAFNIUM intrusions exploiting CVE-2021-27065<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<ul>\n<li style=\"list-style-type: none;\">\n<ul>\n<li>Forensic artifacts found in HAFNIUM intrusions exploiting CVE-2021-26858<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<ul>\n<li style=\"list-style-type: none;\">\n<ul>\n<li>Forensic artifacts showing clean-up activity found in HAFNIUM intrusions<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<ul>\n<li style=\"list-style-type: none;\">\n<ul>\n<li>Forensic artifacts found in HAFNIUM intrusions<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<ul>\n<li style=\"list-style-type: none;\">\n<ul>\n<li>HAFNIUM SecChecker web shell<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<ul>\n<li style=\"list-style-type: none;\">\n<ul>\n<li>Web shell Injection<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<ul>\n<li style=\"list-style-type: none;\">\n<ul>\n<li>Simple ASPX web shell that allows an attacker to write further files to disk<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<ul>\n<li style=\"list-style-type: none;\">\n<ul>\n<li>SPORTSBALL web shell<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<ul>\n<li style=\"list-style-type: none;\">\n<ul>\n<li>PowerCat hacktool<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<ul>\n<li style=\"list-style-type: none;\">\n<ul>\n<li>PowerShell Oneliner in Nishang&#8217;s repository<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<ul>\n<li style=\"list-style-type: none;\">\n<ul>\n<li>Suspicious log entries indicating requests as described in reports on HAFNIUM activity<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<ul>\n<li style=\"list-style-type: none;\">\n<ul>\n<li>Variation on reGeorgtunnel<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<ul>\n<li style=\"list-style-type: none;\">\n<ul>\n<li>Web shells and ASPX files dropped by CVE-2021-27065 (for all threat actors)<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<ul>\n<li style=\"list-style-type: none;\">\n<ul>\n<li>Windows Error Report (WER) indicating an exploitation attempt of the Exchange server as described in CVE-2021-26857, after the application of the corresponding patches<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>If you\u2019re interested in our MDR services for your Exchange environment or have any questions about how to protect your organization from the on-prem Exchange Server attacks, our team of security analysts is here to assist you. We can help you find and fix any vulnerabilities in your network, in addition to identifying and implementing <a href=\"https:\/\/www.stratospherenetworks.com\/managed-cybersecurity-services.html\" target=\"_blank\" rel=\"noopener\">cybersecurity solutions<\/a> to fend off evolving threats. For details, please call 877-599-3999 or email <a href=\"mailto:sales@stratospherenetworks.com\" target=\"_blank\" rel=\"noopener\">sales@stratospherenetworks.com<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Earlier this month, Microsoft announced that malicious actors were leveraging zero-day exploits to infiltrate on-premises versions of Microsoft Exchange Server. If your company utilizes an Exchange server that hackers could potentially breach via these vulnerabilities, here\u2019s everything you should know &hellip; <a href=\"https:\/\/www.stratospherenetworks.com\/blog\/microsoft-exchange-server-exploits-faq-how-to-protect-your-business\/\">Read more <span class=\"meta-nav\">><\/span><\/a><\/p>\n","protected":false},"author":5,"featured_media":4278,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[261],"tags":[],"class_list":["post-4277","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-tech-tips-from-the-president"],"yoast_head":"<title>Microsoft Exchange Server Attacks: Protect Your Business<\/title>\n<meta name=\"description\" content=\"If your on-premises Microsoft Exchange Server that could be vulnerable to cyberattacks, here\u2019s how to identify indicators of compromise.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.stratospherenetworks.com\/blog\/microsoft-exchange-server-exploits-faq-how-to-protect-your-business\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Microsoft Exchange Server Attacks: Protect Your Business\" \/>\n<meta property=\"og:description\" content=\"If your on-premises Microsoft Exchange Server that could be vulnerable to cyberattacks, here\u2019s how to identify indicators of compromise.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.stratospherenetworks.com\/blog\/microsoft-exchange-server-exploits-faq-how-to-protect-your-business\/\" \/>\n<meta property=\"og:site_name\" content=\"Stratosphere Networks IT Support Blog - Chicago IT Support Technical Support\" \/>\n<meta property=\"article:published_time\" content=\"2021-03-22T12:44:29+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.stratospherenetworks.com\/blog\/wp-content\/uploads\/2021\/03\/server-protection-stock-photo-1024x585.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1024\" \/>\n\t<meta property=\"og:image:height\" content=\"585\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Kevin Rubin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Kevin Rubin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.stratospherenetworks.com\/blog\/microsoft-exchange-server-exploits-faq-how-to-protect-your-business\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.stratospherenetworks.com\/blog\/microsoft-exchange-server-exploits-faq-how-to-protect-your-business\/\"},\"author\":{\"name\":\"Kevin Rubin\",\"@id\":\"https:\/\/www.stratospherenetworks.com\/blog\/#\/schema\/person\/5e80dcea00878b83fb152245aa51b3f5\"},\"headline\":\"Microsoft Exchange Server Exploits FAQ: How to Protect Your Business\",\"datePublished\":\"2021-03-22T12:44:29+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.stratospherenetworks.com\/blog\/microsoft-exchange-server-exploits-faq-how-to-protect-your-business\/\"},\"wordCount\":811,\"commentCount\":0,\"image\":{\"@id\":\"https:\/\/www.stratospherenetworks.com\/blog\/microsoft-exchange-server-exploits-faq-how-to-protect-your-business\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.stratospherenetworks.com\/blog\/wp-content\/uploads\/2021\/03\/server-protection-stock-photo.jpg\",\"articleSection\":[\"Tech Tips from the President\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.stratospherenetworks.com\/blog\/microsoft-exchange-server-exploits-faq-how-to-protect-your-business\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.stratospherenetworks.com\/blog\/microsoft-exchange-server-exploits-faq-how-to-protect-your-business\/\",\"url\":\"https:\/\/www.stratospherenetworks.com\/blog\/microsoft-exchange-server-exploits-faq-how-to-protect-your-business\/\",\"name\":\"Microsoft Exchange Server Attacks: Protect Your Business\",\"isPartOf\":{\"@id\":\"https:\/\/www.stratospherenetworks.com\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.stratospherenetworks.com\/blog\/microsoft-exchange-server-exploits-faq-how-to-protect-your-business\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.stratospherenetworks.com\/blog\/microsoft-exchange-server-exploits-faq-how-to-protect-your-business\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.stratospherenetworks.com\/blog\/wp-content\/uploads\/2021\/03\/server-protection-stock-photo.jpg\",\"datePublished\":\"2021-03-22T12:44:29+00:00\",\"author\":{\"@id\":\"https:\/\/www.stratospherenetworks.com\/blog\/#\/schema\/person\/5e80dcea00878b83fb152245aa51b3f5\"},\"description\":\"If your on-premises Microsoft Exchange Server that could be vulnerable to cyberattacks, here\u2019s how to identify indicators of compromise.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.stratospherenetworks.com\/blog\/microsoft-exchange-server-exploits-faq-how-to-protect-your-business\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.stratospherenetworks.com\/blog\/microsoft-exchange-server-exploits-faq-how-to-protect-your-business\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.stratospherenetworks.com\/blog\/microsoft-exchange-server-exploits-faq-how-to-protect-your-business\/#primaryimage\",\"url\":\"https:\/\/www.stratospherenetworks.com\/blog\/wp-content\/uploads\/2021\/03\/server-protection-stock-photo.jpg\",\"contentUrl\":\"https:\/\/www.stratospherenetworks.com\/blog\/wp-content\/uploads\/2021\/03\/server-protection-stock-photo.jpg\",\"width\":2291,\"height\":1309,\"caption\":\"An image of a glowing blue padlock superimposed over a server room to symbolize server security.\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.stratospherenetworks.com\/blog\/microsoft-exchange-server-exploits-faq-how-to-protect-your-business\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.stratospherenetworks.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Microsoft Exchange Server Exploits FAQ: How to Protect Your Business\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.stratospherenetworks.com\/blog\/#website\",\"url\":\"https:\/\/www.stratospherenetworks.com\/blog\/\",\"name\":\"Stratosphere Networks IT Support Blog - Chicago IT Support Technical Support\",\"description\":\"The Stratosphere Networks IT Support blog offering IT Support Services information.\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.stratospherenetworks.com\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.stratospherenetworks.com\/blog\/#\/schema\/person\/5e80dcea00878b83fb152245aa51b3f5\",\"name\":\"Kevin Rubin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.stratospherenetworks.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/4e0f1ab948ce542b3dd8def474bcde6faa8862614b72d26878c7755269b276e9?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/4e0f1ab948ce542b3dd8def474bcde6faa8862614b72d26878c7755269b276e9?s=96&d=mm&r=g\",\"caption\":\"Kevin Rubin\"},\"sameAs\":[\"http:\/\/stratospherenetworks.com\/\"],\"url\":\"https:\/\/www.stratospherenetworks.com\/blog\/author\/kevin-rubin\/\"}]}<\/script>","yoast_head_json":{"title":"Microsoft Exchange Server Attacks: Protect Your Business","description":"If your on-premises Microsoft Exchange Server that could be vulnerable to cyberattacks, here\u2019s how to identify indicators of compromise.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.stratospherenetworks.com\/blog\/microsoft-exchange-server-exploits-faq-how-to-protect-your-business\/","og_locale":"en_US","og_type":"article","og_title":"Microsoft Exchange Server Attacks: Protect Your Business","og_description":"If your on-premises Microsoft Exchange Server that could be vulnerable to cyberattacks, here\u2019s how to identify indicators of compromise.","og_url":"https:\/\/www.stratospherenetworks.com\/blog\/microsoft-exchange-server-exploits-faq-how-to-protect-your-business\/","og_site_name":"Stratosphere Networks IT Support Blog - Chicago IT Support Technical Support","article_published_time":"2021-03-22T12:44:29+00:00","og_image":[{"width":1024,"height":585,"url":"https:\/\/www.stratospherenetworks.com\/blog\/wp-content\/uploads\/2021\/03\/server-protection-stock-photo-1024x585.jpg","type":"image\/jpeg"}],"author":"Kevin Rubin","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Kevin Rubin","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.stratospherenetworks.com\/blog\/microsoft-exchange-server-exploits-faq-how-to-protect-your-business\/#article","isPartOf":{"@id":"https:\/\/www.stratospherenetworks.com\/blog\/microsoft-exchange-server-exploits-faq-how-to-protect-your-business\/"},"author":{"name":"Kevin Rubin","@id":"https:\/\/www.stratospherenetworks.com\/blog\/#\/schema\/person\/5e80dcea00878b83fb152245aa51b3f5"},"headline":"Microsoft Exchange Server Exploits FAQ: How to Protect Your Business","datePublished":"2021-03-22T12:44:29+00:00","mainEntityOfPage":{"@id":"https:\/\/www.stratospherenetworks.com\/blog\/microsoft-exchange-server-exploits-faq-how-to-protect-your-business\/"},"wordCount":811,"commentCount":0,"image":{"@id":"https:\/\/www.stratospherenetworks.com\/blog\/microsoft-exchange-server-exploits-faq-how-to-protect-your-business\/#primaryimage"},"thumbnailUrl":"https:\/\/www.stratospherenetworks.com\/blog\/wp-content\/uploads\/2021\/03\/server-protection-stock-photo.jpg","articleSection":["Tech Tips from the President"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.stratospherenetworks.com\/blog\/microsoft-exchange-server-exploits-faq-how-to-protect-your-business\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.stratospherenetworks.com\/blog\/microsoft-exchange-server-exploits-faq-how-to-protect-your-business\/","url":"https:\/\/www.stratospherenetworks.com\/blog\/microsoft-exchange-server-exploits-faq-how-to-protect-your-business\/","name":"Microsoft Exchange Server Attacks: Protect Your Business","isPartOf":{"@id":"https:\/\/www.stratospherenetworks.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.stratospherenetworks.com\/blog\/microsoft-exchange-server-exploits-faq-how-to-protect-your-business\/#primaryimage"},"image":{"@id":"https:\/\/www.stratospherenetworks.com\/blog\/microsoft-exchange-server-exploits-faq-how-to-protect-your-business\/#primaryimage"},"thumbnailUrl":"https:\/\/www.stratospherenetworks.com\/blog\/wp-content\/uploads\/2021\/03\/server-protection-stock-photo.jpg","datePublished":"2021-03-22T12:44:29+00:00","author":{"@id":"https:\/\/www.stratospherenetworks.com\/blog\/#\/schema\/person\/5e80dcea00878b83fb152245aa51b3f5"},"description":"If your on-premises Microsoft Exchange Server that could be vulnerable to cyberattacks, here\u2019s how to identify indicators of compromise.","breadcrumb":{"@id":"https:\/\/www.stratospherenetworks.com\/blog\/microsoft-exchange-server-exploits-faq-how-to-protect-your-business\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.stratospherenetworks.com\/blog\/microsoft-exchange-server-exploits-faq-how-to-protect-your-business\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.stratospherenetworks.com\/blog\/microsoft-exchange-server-exploits-faq-how-to-protect-your-business\/#primaryimage","url":"https:\/\/www.stratospherenetworks.com\/blog\/wp-content\/uploads\/2021\/03\/server-protection-stock-photo.jpg","contentUrl":"https:\/\/www.stratospherenetworks.com\/blog\/wp-content\/uploads\/2021\/03\/server-protection-stock-photo.jpg","width":2291,"height":1309,"caption":"An image of a glowing blue padlock superimposed over a server room to symbolize server security."},{"@type":"BreadcrumbList","@id":"https:\/\/www.stratospherenetworks.com\/blog\/microsoft-exchange-server-exploits-faq-how-to-protect-your-business\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.stratospherenetworks.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Microsoft Exchange Server Exploits FAQ: How to Protect Your Business"}]},{"@type":"WebSite","@id":"https:\/\/www.stratospherenetworks.com\/blog\/#website","url":"https:\/\/www.stratospherenetworks.com\/blog\/","name":"Stratosphere Networks IT Support Blog - Chicago IT Support Technical Support","description":"The Stratosphere Networks IT Support blog offering IT Support Services information.","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.stratospherenetworks.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.stratospherenetworks.com\/blog\/#\/schema\/person\/5e80dcea00878b83fb152245aa51b3f5","name":"Kevin Rubin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.stratospherenetworks.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/4e0f1ab948ce542b3dd8def474bcde6faa8862614b72d26878c7755269b276e9?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/4e0f1ab948ce542b3dd8def474bcde6faa8862614b72d26878c7755269b276e9?s=96&d=mm&r=g","caption":"Kevin Rubin"},"sameAs":["http:\/\/stratospherenetworks.com\/"],"url":"https:\/\/www.stratospherenetworks.com\/blog\/author\/kevin-rubin\/"}]}},"_links":{"self":[{"href":"https:\/\/www.stratospherenetworks.com\/blog\/wp-json\/wp\/v2\/posts\/4277","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.stratospherenetworks.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.stratospherenetworks.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.stratospherenetworks.com\/blog\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/www.stratospherenetworks.com\/blog\/wp-json\/wp\/v2\/comments?post=4277"}],"version-history":[{"count":2,"href":"https:\/\/www.stratospherenetworks.com\/blog\/wp-json\/wp\/v2\/posts\/4277\/revisions"}],"predecessor-version":[{"id":4280,"href":"https:\/\/www.stratospherenetworks.com\/blog\/wp-json\/wp\/v2\/posts\/4277\/revisions\/4280"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.stratospherenetworks.com\/blog\/wp-json\/wp\/v2\/media\/4278"}],"wp:attachment":[{"href":"https:\/\/www.stratospherenetworks.com\/blog\/wp-json\/wp\/v2\/media?parent=4277"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.stratospherenetworks.com\/blog\/wp-json\/wp\/v2\/categories?post=4277"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.stratospherenetworks.com\/blog\/wp-json\/wp\/v2\/tags?post=4277"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}