Hafnium Hack – How to run the patches, with simple detailed instructions.

Hafnium Hack – How to run the patches, with simple detailed instructions.

Why make such a “How to”? 
Because all articles we found so far, talk about what to do, but none shows how to do it.

So let’s start.

1. HOW TO KNOW IF YOU ARE “INFECTED”

2. INSTALL THE LATEST CU

Before you can apply the “.msb” patch you need to have the latest CU already installed!

3. run your Exchange patch

After the CU is installed then you can run your Exchange patch.

4. Block suspicious IPs

According to Cisa.gov, a number of servers were reported as suspicious: https://us-cert.cisa.gov/ncas/alerts/aa21-062a

  • 103.77.192[.]219
  • 104.140.114[.]110
  • 104.250.191[.]110
  • 108.61.246[.]56
  • 149.28.14[.]163
  • 157.230.221[.]198
  • 167.99.168[.]251
  • 185.250.151[.]72
  • 192.81.208[.]169
  • 203.160.69[.]66
  • 211.56.98[.]146
  • 5.254.43[.]18
  • 5.2.69[.]14
  • 80.92.205[.]81
  • 91.192.103[.]43

For extra security we decided to block  the above IPs both for WAN and LAN traffic (incoming and outgoing connections) into our firewall.

After some hours we noticed WAN traffic coming in from those IPs: It seems they tried to see if the Exchange server was still available for whatever they intended to do..

latest posts

Hyper-V How to Fix Virtual machine could not be started because the hypervisor is not running

After a client's power failure where the UPS failed to properly shutdown the Hyper-V Server, VMs were not able to start. See below for the error we got every time...

How to connect/remote Hyper-V Server using Server Manager from another Windows Server and view Task Scheduler

First we have to enable communication between the two servers.Connect to your Hyper-V Server and open powershell. Type the following two commands: Enable-PSRemoting Enable-WSManCredSSP -Role server From your Windows Server...

Automate log off process to improve the security of your computer

Hackers are criminals who gain unauthorized access to a network and devices, usually with the intent to steal sensitive data, such as financial information or company secrets. You can protect...

Automate Creation of Serial Numbers In An Existing PDF Template

We received a request from a client, to automate the creation of Serial Numbers inside a PDF file.The PDF was a A3+ format and was designed in such a way...

OTHER PRODUCTS