Your ESET security product detects the following threat:
This threat affects users of Microsoft Exchange Server versions 2010, 2013, 2016, and 2019
After exploiting vulnerabilities to gain initial access, HAFNIUM operators deployed webshells on the compromised server. Webshells potentially allow attackers to steal data and perform additional malicious actions that lead to further compromise.
For more details see ESET Customer Advisory.
ESET software can detect and block the webshell used for remote code execution.
The detection for the webshells and backdoors used within this attack chain appears as:
The Microsoft Exchange server remote code execution vulnerabilities are:
Install the Microsoft security patch
ESET strongly advises installing the Microsoft security update immediately.
To ensure the highest level of security, we recommend that you are always on the latest version of your ESET product: Check for the latest version of your ESET business products
Keep ESET Live Grid enabled
In some cases, your ESET product with ESET Live Grid enabled may respond faster to new threats than to modules updates.
Click here to learn more about ESET Live Grid and make sure it is enabled in your ESET product.
Minimize the risk of malware attack
- Back up your important data
- Do not change default settings
- Download security patches
WeLiveSecurity blog post
To learn more about how you can protect your system from this exploit, we recommend that you read the following ESET blog post:
- Microsoft rushes out fixes for four zero‑day flaws in Exchange Server
- Exchange servers under siege from at least 10 APT groups
To see a list of all ESET security articles related to zero-day attacks, see zero-day attacks.