US National Security Council urges review of Exchange Servers in wake of Hafnium attack

US National Security Council urges review of Exchange Servers in wake of Hafnium attack

The Biden administration has urged users of Microsoft's Exchange mail and messaging server to ensure they have not fallen victim to the recently-detected "Hafnium" attack on Exchange Server that Microsoft says originated in China.


Microsoft revealed the attack last week and released Exchange security updates.

The Biden administration’s Cybersecurity and Infrastructure Security Agency (CISA) followed up with a March 5 general advisory encouraging upgrades to on-premises Exchange environments. Another advisory on 6 March upped the ante as follows:

White House National Security advisor Jake Sullivan weighed in too, on his Twitter account:



We are closely tracking Microsoft’s emergency patch for previously unknown vulnerabilities in Exchange Server software and reports of potential compromises of U.S. think tanks and defense industrial base entities. We encourage network owners to patch ASAP: https://t.co/Q2K4DYWQud


— Jake Sullivan (@JakeSullivan46) March 5, 2021

The matter even made it to the White House briefing room. In last Friday's White House briefing, White House press secretary, Jen Psaki called the Microsoft breach “a significant vulnerability that could have far reaching impacts” and “an active threat.” She referred to Sullivan’s tweet and urged those running affected servers to patch them immediately, specifically government, private sector, and academia.


“The Cybersecurity and Infrastructure Security Agency issued an emergenc ..