You may have heard rumblings across the Internet of a giant Microsoft Exchange vulnerability that raised its ugly head this week. On Tuesday evening, Microsoft announced the existence of four critical zero-day security vulnerabilities affecting all current versions of Microsoft Exchange Server. That’s the same time we stepped up to make sure that all DataYard and our clients’ servers were patched and secured as soon as possible.
Starting at 2AM on Wednesday morning, our engineers began installing the needed upgrades and patches to all DataYard managed Microsoft Exchange servers . The Exchange infrastructures in question were quickly updated and rebooted, after which point DataYard engineers took a deeper dive to determine if there were any lingering threats.
In many cases across the globe this security vulnerability had already been exploited in an attempt to open a backdoor to critical and private data – our customers were no exception. DataYard engineers discovered malicious web shells which had been remotely uploaded by nefarious bots in the final days of February 2021. While a malicious shell was indeed uploaded on these systems to provide access to a bad actor in the future, there is no evidence to suggest that the shell was ever accessed or utilized after the initial automated upload.
As of 2PM on Thursday (3/4/21), DataYard had completed the following for all of our managed VIP clients:
- Determined if the VIP was vulnerable to the exploit in question
- Updated OS when applicable
- Installed critical security patches
- Reboot and test
- Removed all malicious files remotely updated by third parties
- Investigated all system logs to ensure no malicious files were executed:
- Network traffic logs
- System events logs
- Exchange application logs
- Remote login records
At this point, the team at DataYard is confident to give all of our managed Exchange VIP systems a thumbs-up and a clean bill of health. We appreciated the trust and confidence that all of our client partners have in DataYard – we are happy to have helped to avoid this nasty security breach and potential data compromise. Please let us know if you have any questions or requests to help make IT better.
Have a fantastic weekend,
The DataYard Team