Hafnium Hack – How to run the patches, with simple detailed instructions.


Why make such a “How to”?
Because all the articles we have found so far talk about what to do, but none shows how to do it.

So let’s start.

1. HOW TO KNOW IF YOU ARE “INFECTED”

2. INSTALL THE LATEST CU

Before you can apply the “.msp” patch, you need to have the latest CU already installed!

3. Run your Exchange patch

After the CU is installed, you can run your Exchange patch.

4. Block suspicious IPs

According to CISA, a number of servers were reported as suspicious: https://us-cert.cisa.gov/ncas/alerts/aa21-062a


For extra security, we decided to block the IPs listed in the CISA alert above for both WAN and LAN traffic (incoming and outgoing connections) on our firewall.

After some hours we noticed WAN traffic coming in from those IPs. It seems they tried to see if the Exchange server was still available for whatever they intended to do.
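To repeat the check from step 4 on your own logs, the following added example (not part of the original article) converts defanged entries written in the `[.]` style into validated addresses and counts dropped connections to or from them, per direction. It assumes the Windows Defender Firewall `pfirewall.log` format with dropped-packet logging enabled (the article does not name its firewall); all addresses and log lines are constructed from documentation ranges, and `PROTECTED` is an assumed set of internal networks.

```python
import ipaddress
from collections import Counter

# Assumed internal ranges that must never end up on a blocklist.
PROTECTED = [ipaddress.ip_network(n) for n in
             ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def refang(indicators):
    """Turn defanged entries such as '203.0.113[.]7' into validated IPv4 objects."""
    good, rejected = [], []
    for raw in indicators:
        text = raw.strip().lstrip("•").strip().replace("[.]", ".")
        try:
            ip = ipaddress.IPv4Address(text)
        except ipaddress.AddressValueError:
            rejected.append(raw)          # malformed entry, do not feed it to the firewall
            continue
        if any(ip in net for net in PROTECTED):
            rejected.append(raw)          # a typo must not block the LAN
        else:
            good.append(ip)
    return good, rejected

def blocked_hits(log_lines, blocklist):
    """Count DROP entries per (blocklisted IP, direction) in pfirewall.log lines."""
    wanted, hits = set(blocklist), Counter()
    for line in log_lines:
        f = line.split()
        # Fields: date time action protocol src-ip dst-ip src-port dst-port ...
        if line.startswith("#") or len(f) < 8 or f[2] != "DROP":
            continue
        try:
            src, dst = ipaddress.ip_address(f[4]), ipaddress.ip_address(f[5])
        except ValueError:
            continue
        if src in wanted:
            hits[(str(src), "inbound")] += 1    # outside host probing the server
        if dst in wanted:
            hits[(str(dst), "outbound")] += 1   # internal host calling out: investigate
    return hits

# Constructed sample data (documentation address ranges, not real indicators).
SAMPLE_IOCS = ["  • 203.0.113[.]7", "198.51.100[.]23", "192.168.1[.]10", "203.0.113[.]999"]
SAMPLE_LOG = """#Version: 1.5
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2021-03-10 02:14:55 DROP TCP 203.0.113.7 192.168.1.20 51544 443 52 S 1234 0 64240 - - - RECEIVE
2021-03-10 02:15:01 DROP TCP 203.0.113.7 192.168.1.20 51545 443 52 S 1235 0 64240 - - - RECEIVE
2021-03-10 02:20:13 DROP TCP 192.168.1.20 198.51.100.23 49811 443 52 S 88 0 64240 - - - SEND
2021-03-10 02:21:40 ALLOW TCP 192.168.1.31 192.0.2.50 49900 443 0 - 0 0 0 - - - SEND
""".splitlines()
```

Inbound drops match what the article observed after blocking; an outbound drop means a machine inside the network tried to reach a blocklisted address and deserves a closer look.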
