Mcafee has released an article to keep customers informed about the coverage. Please refer to the below link and subscribe to it so that if there are any updates you will be informed.
McAfee coverage for Exchange Servers targeted with zero-day exploits by the HAFNIUM Threat Group
Technical Articles ID: KB94270
I hope this helps, let us know if you have any queries.
Thank you for the reply.
While waiting, can we get any data from the Active Response module queries based on the attachment below?
We have deployed the active response in order to do some forensic work.
MS has deployed hunting queries (see attached)
Update in KB94270
March 5, 2021Added Extra.DAT attachment.
Campaign can be found by searching for: Exchange Servers targeted with zero-day exploits by the HAFNIUM Threat Group
Is the extra.dat file still needed?
At what point will this be covered through the normal DAT update process?
Is this covered in both VSE and ENS for Windows servers?
HI @web1b ,
The ED contains coverage for a specific IOC that is now covered via regular DAT. ED is no more necessary unless we have further developments that we shall duly update to all of our Customers via the KB.