Products
Solutions
Partners
Support
Company
Try Now
Pulse Secure Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Pulse Secure ActiveSync and Hafnium

CommSysRST
New Member
‎03-10-2021 10:38:AM
‎03-10-2021 10:38:AM

Pulse Secure ActiveSync and Hafnium

The Ms Exchange hack is obviously a mess. We have been fortunate in that almost all interfaces to our exchange server have isolated from the outside. The only one, which is now shut-off, was the activesync connection through our pulse secure box.

Is there any sense of level of exposure that the activesync connection presented with the Hafnium hack? Using the microsoft and other scripts, we don't appear to have any symptoms of Indications of Compromise (IOC). However we talked about it internally, and cannot judge the nature of the exposure we had with the pulse secure ativesync connection.

Does anyone have thoughts in this regard?

 

Bob

 

0 Kudos
1 REPLY 1
r@yElr3y
Moderator
Moderator
‎03-14-2021 08:49:AM
‎03-14-2021 08:49:AM

Re: Pulse Secure ActiveSync and Hafnium

@CommSysRST 

It is important to note that Pulse Secure will allow access to the resources configured under Activesync policy (optionally, we can enforce certificate authentication) and expects the backend OWA/Exchange server to authenticate the users who are accessing the resources (just like any other reverse proxy solutions or Load balancers).

 

If you don't find any trace present in the Exc. servers as described by MS, then you should be safe.

 

Reference:

https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/

PCS Expert
Pulse Connect Secure Certified Expert
0 Kudos
© 2017 Pulse Secure, LLC. Use of this website assumes acceptance of our Legal Notices and Privacy Policy. Pulse Secure has updated its Privacy Policy effective June 28, 2017.