So far, it appears that more than 30,000 organizations, including small businesses, are compromised. The US National Security Council urges organizations, including small businesses, to “take immediate measures” to detect compromise.
–> ONE: Ask your IT team, “Do we still have Microsoft Exchange Server email software installed anywhere?”
If they answer affirmatively, even if they’re already moving to the cloud, you must continue:
–> TWO: Ask them, “What can I take off your plate or postpone so that you can immediately test and deploy the patches to the Exchange Server right now?”
Essential: Applying security updates to your Exchange server does not resolve the issue if your organization is already compromised. There might be a small program on your system quietly waiting for an attacker’s commands.
To help determine if you are already compromised: https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/#scan-log
If your team cannot update immediately, send them here: https://github.com/microsoft/CSS-Exchange/tree/main/Security
–> THREE: Say, “The emergency is too great to postpone. Later, let’s discuss the pros and cons of moving email to the cloud.”
Pros include eliminating one server and associated headaches. Often, online email is better for remote workers too. But you could lose some integration features you have now, for example, an on-site phone system tied into Exchange. Because saving money and streamlining is essential, online Exchange is often less expensive.
The blog posting https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/#scan-log has a plethora of other information and guidance for your team related to the updates. Some organizations are experiencing errors after applying the security updates. For example, some learned they must install the updates from an elevated command prompt window. Microsoft provides more guidance: