During recent weeks, cybersecurity providers, businesses, governments, and other organizations have been responding to the publicization of four zero-day vulnerabilities affecting Microsoft Exchange Servers (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065).

On March 2, Microsoft released emergency, out-of-band security updates to address these vulnerabilities, which affect a number of Microsoft Exchange product versions. Ongoing and escalating exploitation by a threat actor identified by the company as HAFNIUM, as well as several other clusters of malicious cyber actors, makes the importance of immediate patch installation critical. CTA members are working to support customers in responding to this threat, including by sharing pre-release blog posts through CTA’s Early Sharing program to ensure that industry response efforts are aligned with the most up-to-date understanding of this new and significant threat.

As we did with the SolarWinds / SUNBURST campaign that surfaced in late 2020, CTA will be collating relevant threat reports, blog posts, and advice around protections and mitigations from our members in order to support other organizations in responding to this incident.

As new materials and insights are released, we will add them to this blog post.
NOTE: In addition to resources produced by our members, CTA encourages readers to leverage and share this high-level, non-technical advice for senior executives of small and medium-sized organizations produced by the Institute for Security & Technology’s Ransomware Task Force, in which CTA and a number of our members participate.


Check Point





Palo Alto Networks






Symantec – A Division of Broadcom



(Last updated 1:00PM EST, March 24, 2021)

Back to News