Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

Abed_AL-R's avatar
Abed_AL-R
Icon for Cirrostratus rankCirrostratus
5 years ago

hafnium attack | exchange iapp

Hi we're publishing the owa/outlook through f5 ltm and yesterday we received and update that new kind of attack is targeting exchange servers https://www.microsoft.com/security/blog/2021/03/02/...
iApps
LTM
security
boneyard's avatar
boneyard
Icon for MVP rankMVP
5 years ago

APM seems like the way to go, if you add authentication before traffic reaching the Exchange server you have a good protection.

 

it remains kinda unclear in which path the attacks focus, this website suggests one. but things move quickly probably.

 

https://www.volexity.com/blog/2021/03/02/active-exploitation-of-microsoft-exchange-zero-day-vulnerabilities/

 

boneyard's avatar
boneyard
Icon for MVP rankMVP
5 years ago

if you have ASM / AWAF this is useful to check:

 

https://devcentral.f5.com/s/articles/HAFNIUM-APT-Group-Exploiting-Microsoft-Exchange-Vulnerabilities

  • Abed_AL-R's avatar
    Abed_AL-R
    Icon for Cirrostratus rankCirrostratus
    5 years ago

    Thank you boneyard :) Great articles

    We do have the APM along with 2fa on the OWA

    we'll check also the ASM option

    I saw also that DevCentral published ASM template to have OWA in blocking mode from day one

    https://devcentral.f5.com/s/articles/new-asm-outlook-web-access-owa-2016-template-for-bigip-v13-29413