Register
Promote YOUR BRAND

MYSEC.TV

Home   /   RESOURCES   /   MYSEC.TV   / Microsoft Exchange hack and advice for threat hunting

Microsoft Exchange hack and advice for threat hunting

Tech & Sec Weekly
SHARE:

IN THIS VIDEO

Following Microsoft’s news about Hafnium, the Australian Cyber Security Centre (ACSC) advises organisations using Microsoft Exchange to urgently patch the following Common Vulnerabilities and Exposures (CVEs):

CVE-2021-26855 – server-side request forgery (SSRF) vulnerability in Exchange.
CVE-2021-26857 – insecure deserialization vulnerability in the Unified Messaging service.
CVE-2021-26858 – post-authentication arbitrary file write vulnerability in Exchange.
CVE-2021-27065 – post-authentication arbitrary file write vulnerability in Exchange.
If successfully exploited, these CVEs would allow an unauthenticated attacker to write files and execute code with elevated privileges on the underlying Microsoft Windows operating system.

A large number of Australian organisations are yet to patch vulnerable versions of Microsoft Exchange, leaving them vulnerable to compromise. The ACSC is encouraging these organisations to do so urgently.

We cross to the US and speak with Mat Gangwer, Senior Director, Sophos Managed Threat Response and review the Microsoft Exchange hack and threat hunting advice.

Full article, including updated ESET research: https://australiancybersecuritymagazi…

#Exchangehack#microsoft#cybersecurity#cyberbreach#exchange#CVE#Sophos

OTHER VIDEOS IN THIS SERIES

crl_2825-4
Providing cloud solutions in Malaysia
April 28, 2025
We speak with Hafis Murty, Head of Product Development with AVM Cloud as sponsors to the Cyber Security Asia 2025 Conference, Kuala Lumpur 21-22 April. Watch Now
crl_2825-3
Cloud Destinations global footprint reaching Southeast Asia
April 28, 2025
We speak with Siva Dharmaraj, CEO and Founder of Cloud Destinations, a Silicon Valley-based IT leader with partners in Malaysia. Watch Now
crl_2825-02
Rolling out Privileged Access Management
April 28, 2025
We speak with Aaron Tay, Technical Solutions Consultant with Manage Engine, as sponsors for the Cyber Security Asia 2025 conference in Kuala Lumpur, 21-22 April. Watch Now
crl_2825-01
Introducing V Gallant CyberSecure at CSA 2025
April 28, 2025
We speak with Fabian Lim, Business Development Manager for V Gallant. Watch Now

MySecurity MarketPlace, powered by MySecurity Media is a dedicated marketplace connecting industry and enterprise professionals to the latest events, education, technology and media platforms across a global domain.

LATEST EVENT LISTED

India Space Congress 2025 MP
India Space Congress 2025
DronTech Asia 2025 700(w)x480(h)px MySecurity Marketplace-01
DronTech Asia 2025
CISO Middle East Summit 2025
CISO Middle East Summit 2025

CONNECT WITH US

X-twitter Facebook-f Linkedin-in Instagram Youtube Podcast Google-play Apple

CONTACT US

© My Security Media. All Right Reserved 2019.

Privacy Policy | Terms & Conditions | Competition T&Cs