Alert - Microsoft Exchange Vulnerabilities

This Alert is intended for healthcare Information Technology (IT) Teams - ensuring necessary patches to address vulnerabilities have been applied in your environment.

You may or may not have heard about the active exploitation of Microsoft Exchange Vulnerabilities. Several cybersecurity advisory service providers sent out an alert recently, and we're also sharing an alert that was published by the Canadian Centre for Cyber Security, Government of Canada about these vulnerabilities. 

Microsoft published security updates to address critical vulnerabilities in multiple Microsoft Exchange products.

These vulnerabilities may be exploited by cyber criminals to gain access and deploy web shells on the compromised servers. Web shells potentially allow actors to steal data and perform additional malicious actions that lead to further compromise. 

It is critical that those who lead Information Technology (IT) and security are fully informed about this matter. 

We strongly encourage those responsible for information security in your organization to subscribe to security advisory services such as the ones noted below:

• Canadian Centre for Cyber Security, Government of Canada
• Cyber Security Education & Centre of Excellence Unit, Ontario Government 

In the event of a breach, Subscribers are encouraged to immediately notify HIROC to ensure we are best able to assist you through the loss or breach. 

This support includes retaining the appropriate IT/forensic cyber experts, external legal advice, financial support, and guidance around potential disclosure requirements. 

Questions? Please contact Kopiha Nathan, HIROC's Privacy and Compliance Officer