HKCERT Urges Local Owners of Microsoft Exchange Server to Patch up System Vulnerabilities
(Hong Kong, 25 March 2021) The Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT) of the Hong Kong Productivity Council, addressing the latest development of the discovery of multiple vulnerabilities in Microsoft Exchange Server, is urging local owners of this system to promptly download and install the relevant security patch from the official website and investigate for any system compromise occurred. Otherwise, they could be subject to theft of email data, ransomware attacks and even becoming part of a botnet.
Microsoft first reported on March 2 multiple vulnerabilities in several on-premises versions of its Exchange Server whom hackers could exploit to trigger remote code execution on the targeted system, and install malicious web shell to take full control of the system and conduct acts such as stealing email data, injecting malware or moving laterally into the system environment of the organisation to establish deeper persistence. Nearly 400,000 sets of Exchange Server worldwide might be affected.
Since then, cyber security researchers from around the world have found that over 10 hacker groups are actively exploiting these vulnerabilities in unpatched systems with some even deploying ransomware and botnet malware. Microsoft and computer emergency response teams from around the world, in turn, issued security alerts, urging Exchange Server owners to promptly apply the security patch and check for any system abnormality.
In Hong Kong, HKCERT first released a security bulletin about the vulnerabilities on March 3 and updated it on March 16 and 22 after the release of a mitigation tool by Microsoft to remediate any compromise and further development of the situation. It had also raised the risk level of the vulnerabilities for the security bulletin to its highest of “Extremely High Risk” (i.e. the vulnerabilities may cause high impact on the targeted system and are actively exploited in the wild”); and issued posts through social media to keep local owners of the system updated on the ongoing attacks and potential impacts. In addition, it contacted local Internet service providers to notify the owners of the IP addresses of Internet-facing Microsoft Exchange Server in Hong Kong to take remedial actions immediately.
Although HKCERT has not received any local-related security incident reports, in light of the surge of the malicious activities worldwide and the anticipated new threats from these vulnerabilities, it reiterates the need for local owners of Microsoft Exchange Server to promptly implement the following security measures:
- Apply security patch for the vulnerabilities as soon as possible. For manual installation, user must have the administrator privilege on the system; and
- Use Microsoft Defender Antivirus or Microsoft one-click Exchange On-premises Mitigation Tool (EOMT) on the Exchange Server to check for and remediate any existing compromise
Should users have any question on the related vulnerabilities, please do not hesitate to contact HKCERT via email: [email protected] or its 24-hour telephone hotline: 8105 6060. HKCERT will continue monitoring the latest development of these vulnerabilities and keep the public informed if there are any updates.
- Ends –
About Hong Kong Computer Emergency Response Team Coordination Centre
Managed by the Hong Kong Productivity Council (HKPC), Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT) is the centre for coordination of computer security incident response for local enterprises and Internet Users. Its missions are to facilitate information disseminating, provide advices on preventive measures against security threats and to promote information security awareness.
HKCERT collaborates with local bodies to collect and disseminate information, and coordinate response actions. HKCERT is also a member of the Forum of Incident Response and Security Teams (FIRST) and the Asia Pacific Computer Emergency Response Teams (APCERT). We exchange information with other CERTs and act as a point of contact on cross-border security incidents.
About Hong Kong Productivity Council
The Hong Kong Productivity Council (HKPC) is a multi-disciplinary organisation established by statute in 1967, to promote productivity excellence through integrated advanced technologies and innovative service offerings to support Hong Kong enterprises. HKPC is the champion and expert in facilitating Hong Kong’s reindustrialisation empowered by i4.0 and e4.0 – focusing on R&D, IoT, big data analytics, AI and Robotic technology development, digital manufacturing, etc., to help enterprises and industries upgrade their business performance, lower operating costs, increase productivity and enhance competitiveness.
The Council is a trusted partner with comprehensive innovative solutions for Hong Kong industries and enterprises, enabling them to achieve resources and productivity utilisation, effectiveness and cost reduction, and enhanced competitiveness in both local and international marketplace. It offers SMEs and startups immediate and timely assistance in coping with the ever-changing business environment, accompanying them on their innovation and transformation journey.
In addition, HKPC partners and collaborates with local industries and enterprises to develop applied technology solutions for value creation. It also benefits a variety of sectors through product innovation and technology transfer, with commercialisation of multiple market-driven patents and technologies, bringing enormous opportunities abound for licensing and technology transfer, both locally and internationally.
For more information, please visit HKPC‘s website: www.hkpc.org.
Corporate Communications Unit
Corporate Development Division
Hong Kong Productivity Council
Tel: (+852) 2788 5833
Email: [email protected]