Threat Advisory Report on HAFNIUM Exchange Vulnerabilities

This document is a Threat Advisory Report detailing vulnerabilities associated with Microsoft Exchange Server, specifically targeting on-premises deployments of versions 2013, 2016, and 2019. It outlines the release of updates by the Microsoft Security Response Center on March 2, 2021, regarding zero-day exploits that are being actively exploited by a state-sponsored group known as HAFNIUM. The report describes various vulnerabilities, including server-side request forgery, deserialization issues, and arbitrary file write vulnerabilities, all of which have been assigned high severity ratings. The advisory also discusses the techniques employed by HAFNIUM to exploit these vulnerabilities, including the use of web shells and common offensive security tools. Furthermore, it documents the response strategies being implemented to detect and mitigate these threats, emphasizing the importance of proactive engagement with customers to assess the risks posed by this ongoing campaign. The report serves as a critical resource for understanding the nature of these threats and the necessary defensive measures.