back to article Microsoft fixes four zero-day flaws in Exchange Server exploited by China's ‘Hafnium’ spies to steal victims' data

Microsoft says Beijing-backed hackers are exploiting four zero-day vulnerabilities in Exchange Server to steal data from US-based defense contractors, law firms, and infectious disease researchers. The Windows giant today issued patches for Exchange to close up the bugs, and recommended their immediate application by all. On- …

  1. _LC_ Silver badge
    Devil

    You have to love it.

    The world-famous serious criminal points his finger at others and makes accusations in the daily rhythm.

  2. Potemkine! Silver badge

    First of all, never ever consider that a mail is a good way to transmit confidential data - a message I hammer to users but who doesn't seam to enter their head. The higher in the hierarchy, the less it enters surprisingly.

    Having access to an exchange server is a bad thing anyway, just having informations on calendars can be very insightful too.

    1. gryphon

      Indeed.

      Names of folders within mailboxes can also cause problems if a manager has shared access to their mailbox badly.

      e.g. Headcount reduction plan, company sale etc.

    2. FBee

      Note: Hammer needed to break the seam to enter their heads

  3. A random security guy Bronze badge

    Why is Exchange so hackable?

    It has been a while since I had anything to do directly with Exchange. I did get a look at a bit of their software 15 years ago and it was really badly written. Is it still like that? Probably. It is like Adobe's Flash; every month there were a zillion documented security fixes. And Flash took decades to die.

    When will WE get rid of Exchange? Maybe MS is so used to patching things (to make billions) that it can't let go.

    1. Anonymous Coward
      Anonymous Coward

      Re: Why is Exchange so hackable?

      It's not that it's necessarily so hackable, more of it's a common product that holds a lot of data thieves want. Serious thieves don't rob the homeless guy in front of the bank, they rob the bank.

      You don't need to wait to get rid of Exchange, there are other products you can use if you want to. Managing a network environment end to end is the main reason MS is the main player for corporate networks, including Email.

    2. Danny 5

      Re: Why is Exchange so hackable?

      Having worked as an Exchange engineer for just under 15 years, I can tell you your assumption is way off. Exchange has become a very solid product, but due to the nature of the content, it's a highly sought after target. Email is one of the biggest treasure troves a hacker can get to. Your remark in regards to security fixes is ridiculous, Exchange updates are published quarterly now and there are generally very few bugfixes in between. You're still thinking about Exchange 5.5, the world of email has changed substantially since then.

      1. Anonymous Coward
        Anonymous Coward

        Re: Why is Exchange so hackable?

        So how many years did these vulnerabilities go without being fixed? Sure, you can downvote an opinion but that doesn't change the facts.

    3. Version 1.0 Silver badge
      Joke

      Re: Why is Exchange so hackable?

      So Exchange is hackable? Does this mean that No Such Agency has been hacked again leaking this?

      I am hoping that the icon is accurate, and scared that it's not.

  4. Danny 5

    Fun!

    That was an exciting 24 hours, we were scrambling to get the fixes installed. I love stuff like that, the emergency process kicks in and all responsibility falls firmly on the people executing the updates, no layers upon layers of management that need to put their 2 cents in, short lines and fast turnover, this is what I love most about working in IT.

    Got all my customers sorted out, was done at 22:30 last night with the last 2010 server (customer is slow to migrate, they should've been gone last year, but they're still with us on the EOL 2010 servers). Very satisfied with a job well done, this is one of the things the company I work for excels at, normally it's just as bureaucratic as any other large company, but when shit hits the fan, it really shines.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021