cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
galih27
Level 9
Report Inappropriate Content
Message 1 of 6

MS.EXchange Hafnium Zero Day Attack

hello tim are there any related updates other than extra dat from mcafee related ms.exchange hafnium

5 Replies
AdithyanT
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 6

Re: MS.EXchange Hafnium Zero Day Attack

Hi @galih27,

Thank you or reaching out to us.

Please find below our Published KBA where we intend to keep our Customers and users updated on our coverage for this campaign. An attached ED for one of the samples obtained is available as well in the same KBA:

McAfee coverage for Exchange Servers targeted with zero-day exploits by the HAFNIUM Threat Group

https://kc.mcafee.com/corporate/index?page=content&id=KB94270

Was my reply helpful?
If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!

Thanks and regards,
Adithyan T
galih27
Level 9
Report Inappropriate Content
Message 3 of 6

Re: MS.EXchange Hafnium Zero Day Attack

 

hello sir I already did distribution regarding extradate when mcafee first issued it. hopefully this extradate can include hafnium detection

thankss...

hafnium.png

AdithyanT
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 4 of 6

Re: MS.EXchange Hafnium Zero Day Attack

Hi @galih27,

Thank you for your kind response. While EXTAR DAT is offering coverage for only one of the samples identified so far, we strongly recommend patching your exchange Server to prevent against any of the attacks that may happen with the outlined Vulnerabilities while we further research in to the other CVEs as described in the KBA.

Also, You can be assured that as of now EXTRA DAT is not required as I just verified that this is now covered via the latest DAT/Amcore content available with us.

I sincerely hope this helps.

Was my reply helpful?
If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!

Thanks and regards,
Adithyan T

Re: MS.EXchange Hafnium Zero Day Attack

What is the detection name that we can use in the ePO to search for detections?

AdithyanT
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 6 of 6

Re: MS.EXchange Hafnium Zero Day Attack

HI @dv_the_admin,

Thank you for your query. As shared in the screenshot above, the Detection Name is Java/Agent.f.

I sincerely hope this helps.

Was my reply helpful?
If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!

Thanks and regards,
Adithyan T
You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community