Friday, September 24, 2021

Microsoft releases tool for Exchange Server hacks

Microsoft has released a one-click mitigation tool as a stop-gap for IT admins who still need to apply security patches to protect their Exchange servers.

This month, Microsoft disclosed that four zero-day vulnerabilities were being actively used in attacks against Microsoft Exchange.

These vulnerabilities are collectively known as ProxyLogon and are being used by threat actors to drop web shells, crypto miners, and more recently, the DearCry ransomware on exploited servers.

Microsoft released emergency fixes for the critical vulnerabilities on March 2. However, the company estimates that at least 82,000 internet-facing servers are still unpatched and vulnerable to attack.

Today, Microsoft released the EOMT one-click PowerShell script so that small business owners who do not have dedicated IT or security teams can get further help securing their Microsoft Exchange servers.

It is important to note that the tool is not an alternative to patching; it should be considered a means of mitigating the risk of exploitation until the update has been applied, which should be completed as quickly as possible, Microsoft warned.

If you have not deployed the latest security update, follow the steps below to protect your Exchange server.

• Download the EOMT tool.

• Run it on Exchange servers immediately.

• Follow the more detailed guidance here to ensure that your on-premises Exchange is protected.

• If you are already using Microsoft Safety Scanner, it is still live and Microsoft recommends keeping this running as it can be used to help with additional mitigations.

In related news this week, Microsoft reportedly began investigating the potential leak of proof-of-concept (PoC) attack code supplied privately to cybersecurity partners and vendors ahead of the public release of the zero-day patches.

The company says that no conclusions have yet been drawn over attack spikes related to the vulnerabilities. 

Priyanshu Vijayvargiya
Founder and Editor-in-Chief of 'Virtualattacks Inc' Priyanshu Vijayvargiya is a cybersecurity analyst, Information Security professional, developer, and a white hat hacker.
