Cybersecurity Briefing — Microsoft Exchange zero-days exploited by Hafnium

Microsoft disclosed on 2 March 2021 that four Exchange Server zero-days were being exploited by Hafnium, prompting out-of-band patches and global emergency response for on-prem email servers.

Zeph Tech Research Lead

Research lead, Zeph Tech

Publication date and credibility emphasis for this briefing. Source data (JSON)

On 2 March 2021 Microsoft released out-of-band fixes for four Exchange Server vulnerabilities (including CVE-2021-26855) under active exploitation by the Hafnium threat group. Mass exploitation led to widespread web shell installation, requiring rapid patching and forensic triage.

Security teams should inventory on-prem Exchange instances, apply cumulative updates, hunt for web shells and Indicators of Compromise from Microsoft guidance, and isolate compromised servers while enabling EDR coverage.

Single-point timeline showing the publication date sized by credibility score. — Publication date and credibility emphasis for this briefing. Source data (JSON)

Visit pillar hub

Latest guides

Cybersecurity Operations Playbook — Zeph Tech
Use Zeph Tech research to align NIST CSF 2.0, CISA KEV deadlines, and sector mandates across threat intelligence, exposure management, and incident response teams.

Related briefings

Cybersecurity Briefing — Cisco IOS XE Web UI zero-day CVE-2023-20198

Microsoft Issues Out-of-Band Patches for Exchange Server ProxyLogon Zero-Days

Cybersecurity Briefing — Colonial Pipeline ransomware attack disrupts U.S. fuel supply

Cybersecurity Briefing — SolarWinds Orion supply chain compromise disclosed

Cybersecurity Briefing — Kaseya VSA supply-chain ransomware attack

Continue in the Cybersecurity pillar

Latest guides