After a massive effort, Microsoft says that 92% of stand-alone vulnerable Exchange servers have been patched against the collection of vulnerabilities exploited by the Hafnium hacker group.
The data comes from RiskIQ, who is working with Microsoft and who tweeted the numbers.
Our work continues, but we are seeing strong momentum for on-premises Exchange Server updates:
• 92% of worldwide Exchange IPs are now patched or mitigated.
• 43% improvement worldwide in the last week. pic.twitter.com/YhgpnMdlOX
— Security Response (@msftsecresponse) March 22, 2021
Hafnium exploited 4 zero-day exploits which affected only stand-alone Microsoft Exchange services, resulting in tens of thousands of servers being compromised with data loss and ransomware attacks.
In response, Microsoft released a mitigation guide, emergency patches and created a one-click mitigation tool and later updated Microsoft Defender to automatically mitigate the vulnerability.
This still leaves tens of thousands of servers already breached, however, the fall-out of which will likely take years to be fully realized. F-Secure recommends IT administrators check their systems for indicators of compromise (IoCs) and perform security audits to see if their servers have been exploited.