<\/p>\n
New nation-state cyberattacks – Microsoft On the Issues<\/a><\/p>\n <\/p>\n \u4eca\u5929\uff0c\u6211\u5011\u6b63\u5728\u5206\u4eab\u6709\u95dc\u7531\u5fae\u8edf\u5a01\u8105\u60c5\u5831\u4e2d\u5fc3 \uff08MSTIC\uff09 \u8b58\u5225\u7684\u570b\u5bb6\u8d0a\u52a9\u7684\u5a01\u8105\u884c\u70ba\u8005\u7684\u8cc7\u8a0a\uff0c\u6211\u5011\u7a31\u4e4b\u70ba Hafnium\u3002Hafnium\u5728\u4e2d\u570b\u904b\u71df\uff0c\u9019\u662f\u6211\u5011\u7b2c\u4e00\u6b21\u8a0e\u8ad6\u5b83\u7684\u6d3b\u52d5\u3002\u9019\u662f\u4e00\u500b\u9ad8\u6280\u80fd\u548c\u8001\u7df4\u7684\u6f14\u54e1\u3002 <\/p>\n \u5f9e\u6b77\u53f2\u4e0a\u770b\uff0cHafnium\u4e3b\u8981\u91dd\u5c0d\u7f8e\u570b\u7684\u5be6\u9ad4\uff0c\u76ee\u7684\u662f\u5f9e\u4e00\u4e9b\u884c\u696d\u90e8\u9580\uff08\u5305\u62ec\u50b3\u67d3\u75c5\u7814\u7a76\u4eba\u54e1\u3001\u5f8b\u5e2b\u4e8b\u52d9\u6240\u3001\u9ad8\u7b49\u6559\u80b2\u6a5f\u69cb\u3001\u570b\u9632\u627f\u5305\u5546\u3001\u653f\u7b56\u667a\u56ca\u5718\u548c\u975e\u653f\u5e9c\u7d44\u7e54\uff09\u6ef2\u900f\u8cc7\u8a0a\u3002\u96d6\u7136Hafnium\u7e3d\u90e8\u4f4d\u65bc\u4e2d\u570b\uff0c\u4f46\u5b83\u4e3b\u8981\u901a\u904e\u5728\u7f8e\u570b\u79df\u8cc3\u7684\u865b\u64ec\u79c1\u4eba\u4f3a\u670d\u5668\uff08VPS\uff09\u958b\u5c55\u696d\u52d9\u3002<\/font> <\/p>\n \u6700\u8fd1\uff0cHafnium \u4f7f\u7528\u4ee5\u524d\u672a\u77e5\u7684\u6f0f\u6d1e\u653b\u64ca\u672c\u5730 Exchange server \u9032\u884c\u4e86\u591a\u6b21\u653b\u64ca\u3002\u8fc4\u4eca\u70ba\u6b62\uff0cHafnium\u662f\u6211\u5011\u6240\u770b\u5230\u7684\u4f7f\u7528\u9019\u4e9b\u6f0f\u6d1e\u7684\u4e3b\u8981\u53c3\u8207\u8005<\/font>\uff0cMSTIC\u5728\u9019\u88e1<\/a>\u8a73\u7d30\u8a0e\u8ad6\u4e86\u9019\u4e9b\u6f0f\u6d1e\u3002\u653b\u64ca\u5305\u62ec\u4e09\u500b\u6b65\u9a5f\u3002\u9996\u5148\uff0c\u5b83\u5c07\u4f7f\u7528\u88ab\u76dc\u5bc6\u78bc\u6216\u4f7f\u7528\u4ee5\u524d\u672a\u767c\u73fe\u7684\u6f0f\u6d1e<\/font>\u4f86\u507d\u88dd\u6210\u61c9\u8a72\u8a2a\u554f\u7684\u4eba\uff0c\u5f9e\u800c\u8a2a\u554f Exchange server \u3002\u5176\u6b21\uff0c\u5b83\u5c07\u5275\u5efa\u6240\u8b02\u7684 Web \u5916\u6bbc\uff0c\u4ee5\u9060\u7aef\u63a7\u5236\u53d7\u5165\u4fb5\u7684\u4f3a\u670d\u5668\u3002\u7b2c\u4e09\uff0c\u5b83\u5c07\u5229\u7528\u9060\u7aef\u8a2a\u554f\uff08\u5f9e\u7f8e\u570b\u79c1\u4eba\u4f3a\u670d\u5668\u904b\u884c\uff09\u5f9e\u7d44\u7e54\u7684\u7db2\u8def\u7aca\u53d6\u6578\u64da\u3002<\/font> <\/p>\n \u6211\u5011\u5c08\u6ce8\u65bc\u4fdd\u8b77\u5ba2\u6236\u514d\u53d7\u7528\u65bc\u5be6\u65bd\u9019\u4e9b\u653b\u64ca\u7684\u6f0f\u6d1e\u3002\u4eca\u5929\uff0c\u6211\u5011<\/font>\u767c\u4f48\u4e86\u5b89\u5168\u66f4\u65b0<\/font><\/a>\uff0c\u5c07\u4fdd\u8b77\u904b\u884c Exchange server \u7684\u5ba2\u6236\u3002\u6211\u5011\u5f37\u70c8\u9f13\u52f5\u6240\u6709 Exchange server \u5ba2\u6236\u7acb\u5373\u61c9\u7528\u9019\u4e9b\u66f4\u65b0<\/font><\/font>\u3002<\/font><\/p>\n <\/p>\n \u8acb\u5927\u5bb6\u52d9\u5fc5\u56b4\u8085\u770b\u5f85\u9019\u500b\u4e8b\u4ef6\u3002\u9019\u5df2\u7d93\u662f\u5fae\u8edf\u904e\u53bb12\u500b\u6708\u7b2c8\u6b21\u516c\u958b\u63ed\u9732Nation-State \u7d44\u7e54\u653b\u64ca\u4e8b\u4ef6\uff0c\u65e5\u524d\u518d\u6b21\u7d93\u7531Volexity and Dubex\u7814\u7a76\u4eba\u54e1\u901a\u5831\u5fae\u8edf\u9019\u7a2e\u578b\u5f0f\u7684\u653b\u64ca\u884c\u70ba\u3002 <\/p>\n \u8a73\u7d30\u8aaa\u660e\uff0c\u8acb\u53c3\u8003\u525b\u91cb\u51fa\u7684\u6587\u4ef6\u3002 https:\/\/blogs.microsoft.com\/on-the-issues\/2021\/03\/02\/new-nation-state-cyberattacks\/<\/a><\/u> <\/p>\n \u82e5\u5408\u4f5c\u5925\u4f34\u6216\u5ba2\u6236\u5e0c\u671b\u6709\u4e00\u500b\u597d\u7684\u5de5\u5177\u53ef\u4ee5\u6aa2\u6e2c\u76ee\u524dExchange\u7684\u5065\u5eb7\u72c0\u6cc1\uff0c\u60a8\u53ef\u4ee5\u900f\u904eGitHub\u4e0b\u8f09Exchange Server Health Checker Script.<\/font> <\/p>\n https:\/\/github.com\/dpaulson45\/HealthChecker<\/a><\/u> <\/p>\n <\/p>\n \u91dd\u5c0d\u76ee\u524d\u4f7f\u7528Exchange Server 2010, 2013, 2016, 2019\u7684\u670b\u53cb\uff0c\u8acb\u76e1\u5feb\u5b8c\u6210\u6700\u65b0\u7684\u5b89\u5168\u6027\u66f4\u65b0\u3002(\u76ee\u524d\u55ae\u4e00\u4f3a\u670d\u5668\u66f4\u65b0\u6642\u9593\u6700\u9577\u9700\u898160\u5206\u9418) <\/font> <\/p>\n <\/font> <\/p>\n <\/font> <\/p>\n Exchange Server 2010, 2013, 2016, 2019\u6700\u65b0CU\u8207\u66f4\u65b0\u4e0b\u8f09\u93c8\u7d50\u4e3b\u9801\uff1a<\/font> <\/p>\n https:\/\/docs.microsoft.com\/zh-tw\/exchange\/new-features\/build-numbers-and-release-dates?view=exchserver-2019<\/a><\/u> <\/p>\n <\/u> <\/p>\n Download Update Rollup 32 for Exchange Server 2010 SP3 (KB5000978)<\/a> <\/p>\n <\/u> <\/p>\n <\/u> <\/p>\n <\/p>\n <\/p>\n <\/p>\n <\/u> <\/p>\n <\/u> <\/p>\n \u5b8c\u6574\u66f4\u65b0\u624b\u518a\uff0c\u8acb\u53c3\u8003\u9644\u4ef6\uff1a <\/p>\n Exchange patch information <\/b> <\/p>\n <\/p>\n \u5408\u4f5c\u5925\u4f34\u66f4\u65b0\u4e0a\u82e5\u6709\u554f\u984c\uff0c\u53ef\u767b\u5165 <\/font>http:\/\/aka.ms\/tpdmsform<\/font><\/a> \u5efa\u6848\uff0c\u8acb\u5408\u4f5c\u5925\u4f34\u6280\u8853\u9867\u554f\u5718\u968a\u5354\u52a9<\/font><\/p>\n <\/p>\n <\/p>\n <\/p>\n \u3010Exchange Server 2019 CU8\u3011<\/font><\/b> <\/p>\n Description of the security update for Microsoft Exchange Server 2019, 2016, and 2013: March 2, 2021 (KB5000871)<\/a> <\/p>\n Download link:<\/font> <\/p>\n Download Security Update For Exchange Server 2019 CU8 (KB5000871) from Official Microsoft Download Center<\/a> <\/p>\n <\/p>\n \u3010<\/font><\/b>Exchange Server 2016 CU18\u3011<\/font><\/b> <\/p>\n Description of the security update for Microsoft Exchange Server 2019, 2016, and 2013: March 2, 2021 (KB5000871)<\/a> <\/p>\n Download link:<\/font> <\/p>\n Download Security Update For Exchange Server 2016 CU18 (KB5000871) from Official Microsoft Download Center<\/a> <\/p>\n <\/p>\n \u3010Exchange Server 2010 SP3 RU32\u3011<\/font><\/b> <\/p>\n Description of the security update for Microsoft Exchange Server 2010 Service Pack 3: March 2, 2021 (KB5000978)<\/a> <\/p>\n Download link:<\/font> <\/p>\n Download Update Rollup 32 For Exchange 2010 SP3 (KB5000978) from Official Microsoft Download Center<\/a> <\/p>\n Get-Command ExSetup | ForEach {$_.FileVersionInfo} <\/p>\n Test-ServiceHealth <\/p>\n <\/p>\n <\/p>\n \u3010\u95dc\u65bc Nation-State Attack on Exchange Server \u3011<\/font><\/u><\/strong><\/p>\n <\/p>\n New nation-state cyberattacks – Microsoft On the Issues<\/a><\/p>\n <\/p>\n \u4eca\u5929\uff0c\u6211\u5011\u6b63\u5728\u5206\u4eab\u6709\u95dc\u7531\u5fae\u8edf\u5a01\u8105\u60c5\u5831\u4e2d\u5fc3 \uff08MSTIC\uff09 \u8b58\u5225\u7684\u570b\u5bb6\u8d0a\u52a9\u7684\u5a01\u8105\u884c\u70ba\u8005\u7684\u8cc7\u8a0a\uff0c\u6211\u5011\u7a31\u4e4b\u70ba Hafnium\u3002Hafnium\u5728\u4e2d\u570b\u904b\u71df\uff0c\u9019\u662f\u6211\u5011\u7b2c\u4e00\u6b21\u8a0e\u8ad6\u5b83\u7684\u6d3b\u52d5\u3002\u9019\u662f\u4e00\u500b\u9ad8\u6280\u80fd\u548c\u8001\u7df4\u7684\u6f14\u54e1\u3002 <\/p>\n \u5f9e\u6b77\u53f2\u4e0a\u770b\uff0cHafnium\u4e3b\u8981\u91dd\u5c0d\u7f8e\u570b\u7684\u5be6\u9ad4\uff0c\u76ee\u7684\u662f\u5f9e\u4e00\u4e9b\u884c\u696d\u90e8\u9580\uff08\u5305\u62ec\u50b3\u67d3\u75c5\u7814\u7a76\u4eba\u54e1\u3001\u5f8b\u5e2b\u4e8b\u52d9\u6240\u3001\u9ad8\u7b49\u6559\u80b2\u6a5f\u69cb\u3001\u570b\u9632\u627f\u5305\u5546\u3001\u653f\u7b56\u667a\u56ca\u5718\u548c\u975e\u653f\u5e9c\u7d44\u7e54\uff09\u6ef2\u900f\u8cc7\u8a0a\u3002\u96d6\u7136Hafnium\u7e3d\u90e8\u4f4d\u65bc\u4e2d\u570b\uff0c\u4f46\u5b83\u4e3b\u8981\u901a\u904e\u5728\u7f8e\u570b\u79df\u8cc3\u7684\u865b\u64ec\u79c1\u4eba\u4f3a\u670d\u5668\uff08VPS\uff09\u958b\u5c55\u696d\u52d9\u3002<\/font> <\/p>\n \u6700\u8fd1\uff0cHafnium \u4f7f\u7528\u4ee5\u524d\u672a\u77e5\u7684\u6f0f\u6d1e\u653b\u64ca\u672c\u5730 Exchange server \u9032\u884c\u4e86\u591a\u6b21\u653b\u64ca\u3002\u8fc4\u4eca\u70ba\u6b62\uff0cHafnium\u662f\u6211\u5011\u6240\u770b\u5230\u7684\u4f7f\u7528\u9019\u4e9b\u6f0f\u6d1e\u7684\u4e3b\u8981\u53c3\u8207\u8005<\/font>\uff0cMSTIC\u5728\u9019\u88e1<\/a>\u8a73\u7d30\u8a0e\u8ad6\u4e86\u9019\u4e9b\u6f0f\u6d1e\u3002\u653b\u64ca\u5305\u62ec\u4e09\u500b\u6b65\u9a5f\u3002\u9996\u5148\uff0c\u5b83\u5c07\u4f7f\u7528\u88ab\u76dc\u5bc6\u78bc\u6216\u4f7f\u7528\u4ee5\u524d\u672a\u767c\u73fe\u7684\u6f0f\u6d1e<\/font>\u4f86\u507d\u88dd\u6210\u61c9\u8a72\u8a2a\u554f\u7684\u4eba\uff0c\u5f9e\u800c\u8a2a\u554f Exchange server \u3002\u5176\u6b21\uff0c\u5b83\u5c07\u5275\u5efa\u6240\u8b02\u7684 Web \u5916\u6bbc\uff0c\u4ee5\u9060\u7aef\u63a7\u5236\u53d7\u5165\u4fb5\u7684\u4f3a\u670d\u5668\u3002\u7b2c\u4e09\uff0c\u5b83\u5c07\u5229\u7528\u9060\u7aef\u8a2a\u554f\uff08\u5f9e\u7f8e\u570b\u79c1\u4eba\u4f3a\u670d\u5668\u904b\u884c\uff09\u5f9e\u7d44\u7e54\u7684\u7db2\u8def\u7aca\u53d6\u6578\u64da\u3002<\/font> <\/p>\n \u6211\u5011\u5c08\u6ce8\u65bc\u4fdd\u8b77\u5ba2\u6236\u514d\u53d7\u7528\u65bc\u5be6\u65bd\u9019\u4e9b\u653b\u64ca\u7684\u6f0f\u6d1e\u3002\u4eca\u5929\uff0c\u6211\u5011<\/font>\u767c\u4f48\u4e86\u5b89\u5168\u66f4\u65b0<\/font><\/a>\uff0c\u5c07\u4fdd\u8b77\u904b\u884c Exchange server \u7684\u5ba2\u6236\u3002\u6211\u5011\u5f37\u70c8\u9f13\u52f5\u6240\u6709 Exchange server \u5ba2\u6236\u7acb\u5373\u61c9\u7528\u9019\u4e9b\u66f4\u65b0<\/font><\/font>\u3002<\/font> Exchange server \u4e3b\u8981\u7528\u65bc\u5546\u696d\u5ba2\u6236\uff0c\u6211\u5011\u6c92\u6709\u8b49\u64da\u8868\u660e Hafnium \u7684\u6d3b\u52d5\u91dd\u5c0d\u7684\u662f\u500b\u4eba\u6d88\u8cbb\u8005\uff0c\u4e5f\u6c92\u6709\u8b49\u64da\u8868\u660e\u9019\u4e9b\u6f0f\u6d1e\u6703\u5f71\u97ff\u5176\u4ed6 Microsoft \u7522\u54c1\u3002 <\/p>\n \u5118\u7ba1\u6211\u5011\u5df2\u8fc5\u901f\u70ba Hafnium \u6f0f\u6d1e\u90e8\u7f72\u4e86\u66f4\u65b0\uff0c\u4f46\u6211\u5011\u77e5\u9053\uff0c\u8a31\u591a\u6c11\u65cf\u570b\u5bb6\u884c\u70ba\u8005\u548c\u72af\u7f6a\u96c6\u5718\u5c07\u8fc5\u901f\u63a1\u53d6\u884c\u52d5\uff0c\u5229\u7528\u4efb\u4f55\u672a\u4fee\u88dc\u7684\u7cfb\u7d71\u3002\u7acb\u5373\u61c9\u7528\u4eca\u5929\u7684\u88dc\u4e01\u662f\u62b5\u79a6\u6b64\u653b\u64ca\u7684\u6700\u4f73\u4fdd\u8b77\u3002 <\/p>\n \u9664\u4e86\u70ba\u6211\u5011\u7684\u5ba2\u6236\u63d0\u4f9b\u65b0\u7684\u4fdd\u8b77\u5916\uff0c\u6211\u5011\u9084\u5411\u9069\u7576\u7684\u7f8e\u570b\u653f\u5e9c\u6a5f\u69cb\u901a\u5831\u4e86\u9019\u4e00\u6d3b\u52d5\u3002 <\/p>\n \u9019\u662f\u5fae\u8edf\u5728\u904e\u53bb12\u500b\u6708\u4e2d\u7b2c\u516b\u6b21\u516c\u958b\u62ab\u9732\u91dd\u5c0d\u5c0d\u516c\u6c11\u793e\u6703\u81f3\u95dc\u91cd\u8981\u7684\u6a5f\u69cb\u7684\u6c11\u65cf\u570b\u5bb6\u5718\u9ad4\uff1a\u6211\u5011\u62ab\u9732\u7684\u5176\u4ed6\u6d3b\u52d5\u91dd\u5c0d\u7684\u662f\u8207 Covid-19 \u4f5c\u6230\u7684\u91ab\u7642\u4fdd\u5065\u7d44\u7e54<\/a>\u3001\u653f\u6cbb\u904b\u52d5<\/a>\u548c\u5176\u4ed6\u53c3\u8207 2020 \u5e74\u9078\u8209\u7684\u7d44\u7e54\uff0c\u4ee5\u53ca\u91cd\u5927\u6c7a\u7b56\u6703\u8b70\u7684<\/a>\u9ad8\u8abf\u51fa\u5e2d\u8005\u3002 <\/p>\n \u6211\u5011\u53d7\u5230\u9f13\u821e\u7684\u662f\uff0c\u8a31\u591a\u7d44\u7e54\u81ea\u9858\u8207\u4e16\u754c\u3001\u5f7c\u6b64\u4e4b\u9593\u4ee5\u53ca\u81f4\u529b\u65bc\u9632\u79a6\u7684\u653f\u5e9c\u6a5f\u69cb\u5171\u4eab\u6578\u64da\u3002\u6211\u5011\u611f\u8b1dVolexity\u548cDux\u7684\u7814\u7a76\u4eba\u54e1\uff0c\u4ed6\u5011\u5411\u6211\u5011\u901a\u5831\u4e86\u9019\u4e00\u65b0Hafnium\u6d3b\u52d5\u7684\u5404\u500b\u65b9\u9762\uff0c\u4e26\u8207\u6211\u5011\u5408\u4f5c\uff0c\u4ee5\u8ca0\u8cac\u4efb\u7684\u65b9\u5f0f\u89e3\u6c7a\u5b83\u3002\u6211\u5011\u9700\u8981\u5feb\u901f\u5206\u4eab\u66f4\u591a\u6709\u95dc\u7db2\u8def\u653b\u64ca\u7684\u8cc7\u8a0a\uff0c\u4ee5\u4fbf\u6211\u5011\u6240\u6709\u4eba\u80fd\u5920\u66f4\u597d\u5730\u62b5\u79a6\u7db2\u8def\u653b\u64ca\u3002\u9019\u5c31\u662f\u70ba\u4ec0\u9ebc\u5fae\u8edf\u7e3d\u88c1\u5e03\u62c9\u5fb7\u53f2\u5bc6\u65af\u6700\u8fd1\u544a\u8a34\u7f8e\u570b\u570b\u6703\uff0c\u6211\u5011\u5fc5\u9808\u63a1\u53d6\u63aa\u65bd<\/a>\uff0c\u8981\u6c42\u5831\u544a\u7db2\u8def\u4e8b\u4ef6\u3002 <\/p>\n \u6211\u5011\u4eca\u5929\u8a0e\u8ad6\u7684\u6f0f\u6d1e\u8207\u55ae\u7368\u7684 SolarWinds \u76f8\u95dc\u653b\u64ca\u6c92\u6709\u4efb\u4f55\u95dc\u806f\u3002\u6211\u5011\u4ecd\u7136\u6c92\u6709\u770b\u5230\u4efb\u4f55\u8b49\u64da\u8868\u660eSolarWinds\u80cc\u5f8c\u7684\u53c3\u8207\u8005\u767c\u73fe\u6216\u5229\u7528\u4e86\u5fae\u8edf\u7522\u54c1\u548c\u670d\u52d9\u4e2d\u7684\u4efb\u4f55\u6f0f\u6d1e\u3002 <\/p>\n <\/p>\n Today, we\u2019re sharing information about a state-sponsored threat actor identified by the Microsoft Threat Intelligence Center (MSTIC) that we are calling Hafnium. Hafnium operates from China, and this is the first time we\u2019re discussing its activity. It is a highly skilled and sophisticated actor. <\/p>\n Historically, Hafnium primarily targets entities in the United States for the purpose of exfiltrating information from a number of industry sectors, including infectious disease researchers, law firms, higher education institutions, defense contractors, policy think tanks and NGOs. While Hafnium is based in China, it conducts its operations primarily from leased virtual private servers (VPS) in the United States. <\/p>\n Recently, Hafnium has engaged in a number of attacks using previously unknown exploits targeting on-premises Exchange Server software. To date, Hafnium is the primary actor we\u2019ve seen use these exploits, which are discussed in detail by MSTIC here<\/a>. The attacks included three steps. First, it would gain access to an Exchange Server either with stolen passwords or by using the previously undiscovered vulnerabilities to disguise itself as someone who should have access. Second, it would create what\u2019s called a web shell to control the compromised server remotely. Third, it would use that remote access \u2013 run from the U.S.-based private servers \u2013 to steal data from an organization\u2019s network. <\/p>\n We\u2019re focused on protecting customers from the exploits used to carry out these attacks. Today, we released security updates<\/a> that will protect customers running Exchange Server. We strongly encourage all Exchange Server customers to apply these updates immediately. Exchange Server is primarily used by business customers, and we have no evidence that Hafnium\u2019s activities targeted individual consumers or that these exploits impact other Microsoft products. <\/p>\n Even though we\u2019ve worked quickly to deploy an update for the Hafnium exploits, we know that many nation-state actors and criminal groups will move quickly to take advantage of any unpatched systems. Promptly applying today\u2019s patches is the best protection against this attack. <\/p>\n In addition to offering new protections for our customers, we\u2019ve briefed appropriate U.S. government agencies on this activity. <\/p>\n This is the eighth time in the past 12 months that Microsoft has publicly disclosed nation-state groups targeting institutions critical to civil society; other activity we disclosed has targeted healthcare organizations<\/a> fighting Covid-19, political campaigns<\/a> and others involved in the 2020 elections, and high-profile attendees of major policymaking conferences.<\/a> <\/p>\n We are encouraged that many organizations are voluntarily sharing data with the world, among each other and with government institutions committed to defense. We\u2019re grateful to researchers at Volexity and Dubex who notified us about aspects of this new Hafnium activity and worked with us to address it in a responsible way. We need more information to be shared rapidly about cyberattacks to enable all of us to better defend against them. That is why Microsoft President Brad Smith recently told the U.S. Congress that we must take steps<\/a> to require reporting of cyber incidents. <\/p>\n The exploits we\u2019re discussing today were in no way connected to the separate SolarWinds-related attacks. We continue to see no evidence that the actor behind SolarWinds discovered or exploited any vulnerability in Microsoft products and services. <\/p>\n <\/p>\n FAQ<\/font> <\/p>\n <\/p>\n Q:\u54ea\u4e9b\u7248\u672c\u7684<\/b>Exchange<\/b>\u4f3a\u670d\u5668\u6703\u53d7\u5230\u5f71\u97ff\uff1f<\/b> <\/p>\n A: Microsoft\u767c\u4f48\u7684\u5b89\u5168\u6027\u66f4\u65b0\u53ef\u4ee5\u89e3\u6c7a\u5831\u544a\u4e2d\u7684\u5b89\u5168\u6027\u6f0f\u6d1e\uff0c\u9019\u4e9b\u6f0f\u6d1e\u6703\u5f71\u97ff\u5305\u542b: Exchange Server 2013\u3001Exchange Server 2016\u548cExchange Server 2019\u3002\u70ba\u4e86\u6df1\u5ea6\u9632\u79a6\uff0c\u6211\u5011\u4e5f\u767c\u4f48\u4e86Exchange Server 2010\u7684\u66f4\u65b0\u3002<\/font> <\/p>\n Q:\u9019\u4e9b\u6f0f\u6d1e\u6703\u5f71\u97ff<\/b>Exchange Online\u55ce\uff1f<\/b> <\/p>\n A:\u4e0d\u6703\u3002\u4f7f\u7528Exchange Online\u7684\u5ba2\u6236\u4e0d\u6703\u53d7\u5230\u9019\u4e9b\u6f0f\u6d1e\u7684\u5f71\u97ff<\/font>\uff0c\u4e5f\u4e0d\u9700\u8981\u9032\u884c\u984d\u5916\u7684\u52d5\u4f5c\u3002 <\/p>\n Q:\u5728\u672c\u6b21\u63d0\u4f9b\u7684<\/b>Exchange\u5b89\u5168\u6027\u66f4\u65b0\u4e2d\uff0c\u5c07\u89e3\u6c7a\u591a\u5c11\u5b89\u5168\u6027\u6f0f\u6d1e\uff1f<\/b> <\/p>\n A:\u672c\u6b21\u7684\u5b89\u5168\u6027\u66f4\u65b0\u7248\u672c\u91dd\u5c0d\u5f71\u97ffExchange Server\u7684\u4e03\u500b\u5b89\u5168\u6027\u6f0f\u6d1e\u9032\u884c\u4fee\u5fa9\u3002\u5176\u4e2d\uff0c\u5df2\u77e5\u6709\u56db\u7a2e\u5c0d\u672c\u6a5fExchange\u4f3a\u670d\u5668\u7684\u653b\u64ca\u6709\u9650\u4e14\u6709\u91dd\u5c0d\u6027\u3002 <\/p>\n Q:\u9019\u4e9b\u6f0f\u6d1e\u7684\u56b4\u91cd\u6027\u3001\u5f71\u97ff\u548c<\/b>Base CVSS \u5206\u6578\u662f\u4ec0\u9ebc\uff1f<\/b> <\/p>\n A:\u672c\u6b21\u6f0f\u6d1e\u5305\u542b\u56b4\u91cd\u7b49\u7d1a\u88ab\u8a55\u70ba\u300ccritical\u300d\u7684Remote Code Execution\uff0c \u6700\u9ad8\u7684 Base CVSS\u5206\u6578\u662f9.1\u3002 <\/p>\n Q:\u662f\u5426\u53ef\u4ee5\u78ba\u8a8d<\/b> Exchange Server <\/b>\u6f0f\u6d1e\u5df2\u7d93\u7684\u6709\u5728\u7db2\u8def\u4e0a\u6709\u88ab\u5229\u7528\u5462\uff1f<\/b><\/b> <\/p>\n A:\u662f\u7684\u3002Microsoft\u6ce8\u610f\u5230\u6b64\u6b21\u70ba\u570b\u5bb6\u7d1a\u60e1\u610f\u653b\u64ca\uff0c\u4e3b\u8981\u91dd\u5c0d\u672c\u6a5fExchange\u4f3a\u670d\u5668\u9032\u884c\u76ee\u6a19\u5f0f\u653b\u64ca\u3002 <\/p>\n Q:\u6211\u9700\u8981\u6e96\u5099\u4ec0\u9ebc\uff0c\u8b93<\/b>Exchange Server<\/b>\u6e96\u5099\u597d\u65bc\u4e09\u6708\u4efd\u66f4\u65b0\u55ce\uff1f<\/b><\/b> <\/p>\n A: Microsoft\u70baExchange Server 2016\u548cExchange Server 2019\u63d0\u4f9b\u4e86\u5169\u500b\u6700\u65b0\u7684Cumulative Updates (CUs)\u652f\u63f4\uff0c\u4ee5\u53ca\u70baExchange Server 2010\u548cExchange Server 2013\u63d0\u4f9b\u4e86\u6700\u65b0\u7684Update Rollup (UR)\u7684\u652f\u63f4\u3002Exchange\u4f3a\u670d\u5668\u82e5\u63a1\u7528\u53d7\u652f\u63f4\u7684UR\u6216CU\uff0c\u5373\u70ba\u6700\u65b0\u7248\u672c\u3002\u5728\u5b89\u88dd\u4efb\u4f55\u5b89\u5168\u6027\u66f4\u65b0\u4e4b\u524d\uff0c\u975e\u6700\u65b0\u7248\u672c\u7684Exchange\u4f3a\u670d\u5668\u9700\u8981\u5b89\u88dd\u53d7\u652f\u63f4\u7684UR\u6216CU\u3002 Exchange\u7ba1\u7406\u54e1\u61c9\u8003\u616e\u5230\uff0c\u82e5\u8981\u66f4\u65b0\u904e\u6642\u7684Exchange\u4f3a\u670d\u5668\u9700\u8981\u984d\u5916\u6642\u9593\u3002\u4e0b\u65b9\u7684Exchange Team\u90e8\u843d\u683c\u6587\u7ae0\u5c07\u63d0\u4f9b\u66f4\u591a\u8a73\u7d30\u8cc7\u8a0a\u3002<\/font> <\/p>\n Q:\u6211\u6709\u4ec0\u9ebc\u65b9\u5f0f\u53ef\u4ee5\u5224\u65b7\u54ea\u500b<\/b>Exchange\u4f3a\u670d\u5668\u53ef\u4ee5\u76f4\u63a5\u5b89\u88dd\u5b89\u5168\u6027\u66f4\u65b0\uff0c\u90a3\u4e9b\u5247\u9700\u8981\u5148\u5b89\u88dd\u53d7\u652f\u63f4\u7684<\/b>UR\u6216<\/b>CU\uff1f<\/b><\/b> <\/p>\n A: \u662f\u7684\u3002\u60a8\u53ef\u4ee5\u4f7f\u7528Exchange Server Health Checker\u7684\u7a0b\u5f0f\u78bc\uff08\u53ef\u4ee5\u5728GitHub\u4e2d\u4e0b\u8f09\u7684\u6700\u65b0\u7248\u672c\uff09\u3002\u9019\u4e9b\u7a0b\u5f0f\u78bc\u5c07\u544a\u8a34\u60a8\uff0c\u60a8\u7684\u672c\u6a5fExchange Server\u662f\u5426\u70ba\u904e\u6642\u7684<\/font>\u3002 <\/p>\n Q: \u90a3\u4e9b<\/b>Exchange\u4f3a\u670d\u5668\u9700\u8981\u512a\u5148\u8655\u7406\u66f4\u65b0\u52d5\u4f5c\uff1f<\/b> <\/b> <\/p>\n A: \u662f\u7684\u3002\u66b4\u9732\u5728\u7db2\u8def\u4e0a\u7684Exchange \u4f3a\u670d\u5668\u5c07\u662f\u9ad8\u98a8\u96aa\u4f3a\u670d\u5668\uff0c\u6240\u4ee5\u56e0\u6b64\u61c9\u512a\u5148\u8655\u7406\u3002\u4e0b\u65b9\u7684Exchange Team\u90e8\u843d\u683c\u6587\u7ae0\u5c07\u63d0\u4f9b\u60a8\u66f4\u591a\u8cc7\u8a0a\u3002 <\/p>\n Q:\u9019\u4e9b\u6f0f\u6d1e\u662f\u5426\u6709<\/b> workaround<\/b>\u89e3\u6c7a\u65b9\u6cd5\uff1f<\/b><\/b> <\/p>\n A: \u82e5\u60a8\u5ef6\u5f8c\u5b89\u88dd\u5b89\u5168\u6027\u66f4\u65b0\uff0c\u552f\u4e00\u7684\u89e3\u6c7a\u65b9\u5f0f\u5c31\u662f\u5c07Exchange Servers\u5f9e\u5c0d\u5916\u7db2\u8def\u4e2d\u79fb\u9664\uff0c\u76f4\u5230\u80fd\u5920\u5b89\u88dd\u4e09\u6708\u7684\u5b89\u5168\u6027\u66f4\u65b0\u70ba\u6b62\u3002 <\/p>\n Q:\u6211\u8981\u5982\u4f55\u8fa8\u8b58\u6211\u7684<\/b>Exchange\u4f3a\u670d\u5668\u662f\u5426\u6709\u56e0\u70ba\u9019\u4e9b\u6f0f\u6d1e\u906d\u53d7\u5165\u4fb5\uff1f<\/b><\/b><\/font> <\/p>\n A: \u4e0b\u65b9\u7684Microsoft Threat Intelligence Center (MSTIC)\u90e8\u843d\u683c\u6587\u7ae0\u4e2d\uff0c\u63d0\u4f9b\u5b89\u5168\u5c08\u5bb6\u6280\u8853\u6307\u5357\uff0c\u4ee5\u4fbf\u7375\u6355\u4efb\u4f55\u6d89\u53ca\u9019\u4e9b\u6f0f\u6d1e\u7684\u5165\u4fb5\u3002<\/font> <\/p>\n Q:\u5728\u5b89\u88dd\u5b89\u5168\u6027\u66f4\u65b0\u5f8c\uff0c\u662f\u5426\u9700\u8981\u91cd\u65b0\u555f\u52d5<\/b>Exchange\u4f3a\u670d\u5668\uff1f<\/b><\/b> <\/p>\n A: \u662f\u7684\u3002\u7576\u5b8c\u6210\u5b89\u88dd\u5b89\u5168\u6027\u66f4\u65b0\u5f8c\uff0c\u9700\u8981\u91cd\u65b0\u555f\u52d5Exchange \u4f3a\u670d\u5668\uff0c\u624d\u80fd\u555f\u7528\u5b89\u5168\u6027\u66f4\u65b0<\/font>\u3002 <\/p>\n Q:\u5f71\u97ff<\/b>Exchange\u4f3a\u670d\u5668\u7684\u6f0f\u6d1e\u662f\u5426\u548c\u8fd1\u671f\u5f71\u97ff<\/b>SolarWinds\u7684\u653b\u64ca\u6709\u95dc\uff1f<\/b> <\/b> <\/p>\n A: \u4e0d\u662f\u3002\u6211\u5011\u6c92\u6709\u6ce8\u610f\u5230\u5f71\u97ffExchange Server\u7684\u6f0f\u6d1e\u548c\u8fd1\u671fSolarWinds\u653b\u64ca\u7684\u95dc\u806f\u6027\u3002 <\/p>\n Q: \u60a8\u662f\u5426\u53ef\u4ee5\u544a\u8a34\u6211\u95dc\u65bc\u9019\u500b\u53d7\u5230\u570b\u5bb6\u7d1a\u60e1\u610f\u884c\u70ba\u8005\u5229\u7528\u6b64\u6b21\u4e8b\u4ef6\u7684\u8cc7\u8a0a\uff1f<\/b><\/b> <\/p>\n A: \u6211\u5011\u5728\u90e8\u843d\u683c\u6587\u7ae0\u4e2d\u63d0\u4f9b\u76ee\u524d\u53ef\u4ee5\u5206\u4eab\u7684\u66f4\u591a\u8cc7\u8a0a\u3002\u8acb\u53c3\u8003\uff1a <\/p>\n MSTIC blog: https:\/\/www.microsoft.com\/security\/blog\/2021\/03\/02\/hafnium-targeting-exchange-servers\/<\/a> \u548c Q:\u6211\u53ef\u4ee5\u5728\u54ea\u88e1\u627e\u5230\u95dc\u65bc\u9019\u4e9b<\/b>Exchange Server\u6f0f\u6d1e\u7684\u53ef\u4fe1\u8cc7\u8a0a\uff1f<\/b><\/b> <\/p>\n A: \u95dc\u65bc\u6f0f\u6d1e\u7d30\u7bc0\u7684\u6700\u4f73\u8cc7\u6e90\u90fd\u5728CVE\u7684\u9801\u9762\uff0c\u4ee5\u53ca\u5e95\u4e0bMSTIC\u7684\u90e8\u843d\u683c\u6587\u7ae0\u4e2d\u3002 <\/p>\n Related Resources \u200b <\/p>\n <\/p>\n \u89aa\u611b\u7684\u5408\u4f5c\u5925\u4f34, <\/font> <\/p>\n \u8acb\u5927\u5bb6\u52d9\u5fc5\u56b4\u8085\u770b\u5f85\u9019\u500b\u4e8b\u4ef6\u3002\u9019\u5df2\u7d93\u662f\u5fae\u8edf\u904e\u53bb12\u500b\u6708\u7b2c8\u6b21\u516c\u958b\u63ed\u9732Nation-State \u7d44\u7e54\u653b\u64ca\u4e8b\u4ef6\uff0c\u65e5\u524d\u518d\u6b21\u7d93\u7531Volexity and Dubex\u7814\u7a76\u4eba\u54e1\u901a\u5831\u5fae\u8edf\u9019\u7a2e\u578b\u5f0f\u7684\u653b\u64ca\u884c\u70ba\u3002<\/font> <\/p>\n \u8a73\u7d30\u8aaa\u660e\uff0c\u8acb\u53c3\u8003\u525b\u91cb\u51fa\u7684\u6587\u4ef6\u3002 https:\/\/blogs.microsoft.com\/on-the-issues\/2021\/03\/02\/new-nation-state-cyberattacks\/<\/a> <\/p>\n \u82e5\u5408\u4f5c\u5925\u4f34\u6216\u5ba2\u6236\u5e0c\u671b\u6709\u4e00\u500b\u597d\u7684\u5de5\u5177\u53ef\u4ee5\u6aa2\u6e2c\u76ee\u524dExchange\u7684\u5065\u5eb7\u72c0\u6cc1\uff0c\u60a8\u53ef\u4ee5\u900f\u904eGitHub\u4e0b\u8f09Exchange Server Health Checker Script. <\/p>\n\n
Download Security Update For Exchange Server 2019 Cumulative Update 7 (KB5000871)<\/a>\u200b
Download Security Update For Exchange Server 2016 Cumulative Update 19 (KB5000871)<\/a>\u200b
Download Security Update For Exchange Server 2016 Cumulative Update 18 (KB5000871)<\/a>\u200b
Download Security Update For Exchange Server 2013 Cumulative Update 23 (KB5000871)<\/a>\u200b\n![\"image\"](\"http:\/\/i-services.info\/mscloud\/wp-content\/uploads\/2021\/03\/image_thumb.png\" "\\"image\\"")
<\/a> <\/p>\n![\"image\"](\"http:\/\/i-services.info\/mscloud\/wp-content\/uploads\/2021\/03\/image_thumb-1.png\" "\\"image\\"")
<\/a> <\/p>\n![\"image\"](\"http:\/\/i-services.info\/mscloud\/wp-content\/uploads\/2021\/03\/image_thumb-2.png\" "\\"image\\"")
<\/a> <\/p>\n\n
![\"image\"](\"http:\/\/i-services.info\/mscloud\/wp-content\/uploads\/2021\/03\/image_thumb-3.png\" "\\"image\\"")
<\/a><\/p>\n![\"clip_image001\"](\"http:\/\/i-services.info\/mscloud\/wp-content\/uploads\/2021\/03\/clip_image001_thumb.png\" "\\"clip_image001\\"")
<\/a> <\/p>\n![\"clip_image003\"](\"http:\/\/i-services.info\/mscloud\/wp-content\/uploads\/2021\/03\/clip_image003_thumb.png\" "\\"clip_image003\\"")
<\/a> <\/p>\n![\"clip_image005\"](\"http:\/\/i-services.info\/mscloud\/wp-content\/uploads\/2021\/03\/clip_image005_thumb.png\" "\\"clip_image005\\"")
<\/a> <\/p>\n![\"clip_image007\"](\"http:\/\/i-services.info\/mscloud\/wp-content\/uploads\/2021\/03\/clip_image007_thumb.png\" "\\"clip_image007\\"")
<\/a> <\/p>\n![\"clip_image009\"](\"http:\/\/i-services.info\/mscloud\/wp-content\/uploads\/2021\/03\/clip_image009_thumb.png\" "\\"clip_image009\\"")
<\/a> <\/p>\n![\"clip_image010\"](\"http:\/\/i-services.info\/mscloud\/wp-content\/uploads\/2021\/03\/clip_image010_thumb.png\" "\\"clip_image010\\"")
<\/a> <\/p>\n![\"clip_image001[4]\"](\"http:\/\/i-services.info\/mscloud\/wp-content\/uploads\/2021\/03\/clip_image0014_thumb.png\" "\\"clip_image001[4]\\"")
<\/a> <\/p>\n![\"clip_image003[4]\"](\"http:\/\/i-services.info\/mscloud\/wp-content\/uploads\/2021\/03\/clip_image0034_thumb.png\" "\\"clip_image003[4]\\"")
<\/a> <\/p>\n![\"clip_image005[4]\"](\"http:\/\/i-services.info\/mscloud\/wp-content\/uploads\/2021\/03\/clip_image0054_thumb.png\" "\\"clip_image005[4]\\"")
<\/a> <\/p>\n![\"clip_image007[4]\"](\"http:\/\/i-services.info\/mscloud\/wp-content\/uploads\/2021\/03\/clip_image0074_thumb.png\" "\\"clip_image007[4]\\"")
<\/a> <\/p>\n![\"clip_image009[4]\"](\"http:\/\/i-services.info\/mscloud\/wp-content\/uploads\/2021\/03\/clip_image0094_thumb.png\" "\\"clip_image009[4]\\"")
<\/a> <\/p>\n![\"clip_image010[4]\"](\"http:\/\/i-services.info\/mscloud\/wp-content\/uploads\/2021\/03\/clip_image0104_thumb.png\" "\\"clip_image010[4]\\"")
<\/a> <\/p>\n![\"clip_image001[6]\"](\"http:\/\/i-services.info\/mscloud\/wp-content\/uploads\/2021\/03\/clip_image0016_thumb.png\" "\\"clip_image001[6]\\"")
<\/a> <\/p>\n![\"clip_image003[6]\"](\"http:\/\/i-services.info\/mscloud\/wp-content\/uploads\/2021\/03\/clip_image0036_thumb.png\" "\\"clip_image003[6]\\"")
<\/a> <\/p>\n![\"clip_image005[6]\"](\"http:\/\/i-services.info\/mscloud\/wp-content\/uploads\/2021\/03\/clip_image0056_thumb.png\" "\\"clip_image005[6]\\"")
<\/a> <\/p>\n![\"clip_image007[6]\"](\"http:\/\/i-services.info\/mscloud\/wp-content\/uploads\/2021\/03\/clip_image0076_thumb.png\" "\\"clip_image007[6]\\"")
<\/a> <\/p>\n![\"clip_image009[6]\"](\"http:\/\/i-services.info\/mscloud\/wp-content\/uploads\/2021\/03\/clip_image0096_thumb.png\" "\\"clip_image009[6]\\"")
<\/a> <\/p>\n![\"clip_image011\"](\"http:\/\/i-services.info\/mscloud\/wp-content\/uploads\/2021\/03\/clip_image011_thumb.png\" "\\"clip_image011\\"")
<\/a> <\/p>\n![\"clip_image013\"](\"http:\/\/i-services.info\/mscloud\/wp-content\/uploads\/2021\/03\/clip_image013_thumb.png\" "\\"clip_image013\\"")
<\/a> <\/p>\n![\"clip_image015\"](\"http:\/\/i-services.info\/mscloud\/wp-content\/uploads\/2021\/03\/clip_image015_thumb.png\" "\\"clip_image015\\"")
<\/a> <\/p>\n![\"clip_image017\"](\"http:\/\/i-services.info\/mscloud\/wp-content\/uploads\/2021\/03\/clip_image017_thumb.jpg\" "\\"clip_image017\\"")
<\/a> <\/p>\n
On the Issues (MOTI) blog: https:\/\/blogs.microsoft.com\/on-the-issues\/?p=64505<\/a>. \u200b <\/p>\n\n