Microsoft releases tool for Exchange Server hacks

Microsoft has released a one-click mitigation tool as a stop-gap for IT admins who still need to apply security patches to protect their Exchange servers.

This month, Microsoft disclosed that four zero-day vulnerabilities were being actively used in attacks against Microsoft Exchange.

These vulnerabilities are collectively known as ProxyLogon and are being used by threat actors to drop web shells, crypto miners, and more recently, the DearCry ransomware on exploited servers.

Microsoft released emergency fixes for the critical vulnerabilities on March 2. However, the company estimates that at least 82,000 internet-facing servers are still unpatched and vulnerable to attack.

Today, Microsoft released the EOMT one-click PowerShell script so that small business owners who do not have dedicated IT or security teams can get further help securing their Microsoft Exchange servers.

It is important to note that the tool is not an alternative to patching but should be considered a means to mitigate the risk of exploitation until the update has been applied, which should be completed as quickly as possible, Microsoft warned.

If you have not deployed the latest security update, follow the steps below to protect your Exchange server.

• Download the EOMT tool.

• Run it on Exchange servers immediately.

• Follow the more detailed guidance here to ensure that your on-premises Exchange is protected.

• If you are already using Microsoft Safety Scanner, it is still live and Microsoft recommends keeping this running as it can be used to help with additional mitigations.

In related news this week, Microsoft reportedly began investigating the potential leak of Proof-of-Concept (POC) attack code supplied privately to cybersecurity partners and vendors ahead of the zero-day public patch release.

The company says that no conclusions have yet been drawn over attack spikes related to the vulnerabilities. 
