Hafnium Hack – How to run the patches, with simple detailed instructions.

Why make such a “How to”?
Because all the articles we have found so far talk about what to do, but none shows how to do it.

So let’s start.

1. HOW TO KNOW IF YOU ARE “INFECTED”

2. INSTALL THE LATEST CU

Before you can apply the “.msp” patch, you need to have the latest Cumulative Update (CU) already installed!

3. RUN YOUR EXCHANGE PATCH

Once the CU is installed, you can run your Exchange patch.

4. BLOCK SUSPICIOUS IPS

According to CISA, a number of servers were reported as suspicious: https://us-cert.cisa.gov/ncas/alerts/aa21-062a

For extra security we decided to block the IPs listed in the alert on our firewall, for both WAN and LAN traffic (incoming and outgoing connections).

After some hours we noticed WAN traffic coming in from those IPs: it seems they tried to see if the Exchange server was still available for whatever they intended to do.
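
One way to apply step 4 on the Exchange server's own Windows Defender Firewall, as an added example that is not from the original post: it converts indicators written in the defanged `[.]` form back to addresses, skips anything that is not a valid IPv4 address, and creates one inbound and one outbound block rule. The sample addresses are constructed RFC 5737 documentation addresses, and the function name `ConvertFrom-DefangedIp` and the rule group name are assumptions.

```powershell
# Constructed sample input in the defanged "[.]" style. These are RFC 5737
# documentation addresses, not real indicators; paste the addresses from the
# CISA alert in their place.
$defanged = @(
    '192.0.2[.]10',
    '198.51.100[.]25',
    '203.0.113[.]7',
    'not-an-ip[.]example'   # deliberately invalid, to show it is skipped
)

# Hypothetical helper: refang each indicator and keep only valid IPv4 addresses.
function ConvertFrom-DefangedIp {
    param([string[]]$Indicator)
    foreach ($item in $Indicator) {
        $candidate = $item.Trim().Replace('[.]', '.')
        $parsed = $null
        # TryParse alone accepts short forms such as "1.2", so require four octets.
        if ($candidate -match '^\d{1,3}(\.\d{1,3}){3}$' -and
            [System.Net.IPAddress]::TryParse($candidate, [ref]$parsed)) {
            $parsed.ToString()
        } else {
            Write-Warning "Skipping invalid indicator: $item"
        }
    }
}

$addresses = @(ConvertFrom-DefangedIp -Indicator $defanged | Sort-Object -Unique)
if ($addresses.Count -eq 0) { throw 'No valid addresses to block.' }

$group = 'Hafnium IoC block'   # assumed rule group name
# Remove rules from an earlier run so the script can be re-run with an updated list.
Get-NetFirewallRule -Group $group -ErrorAction SilentlyContinue | Remove-NetFirewallRule

foreach ($direction in 'Inbound', 'Outbound') {
    $rule = @{
        DisplayName   = "$group ($direction)"
        Group         = $group
        Direction     = $direction
        Action        = 'Block'
        RemoteAddress = $addresses
        Profile       = 'Any'
        Enabled       = 'True'
    }
    New-NetFirewallRule @rule | Out-Null
}

# List the rules that were created, for verification.
Get-NetFirewallRule -Group $group | Select-Object DisplayName, Direction, Action, Enabled
```

Run it from an elevated PowerShell session. In Windows Defender Firewall an explicit block rule takes precedence over allow rules, so the block applies even where the Exchange ports are otherwise open.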
