Security News > 2021 > March > Microsoft's MSERT tool now finds web shells from Exchange Server attacks
Microsoft has pushed out a new update for their Microsoft Safety Scanner tool to detect web shells deployed in the recent Exchange Server attacks.
On March 2nd, Microsoft disclosed that four Exchange Server zero-day vulnerabilities were being used in attacks against exposed Outlook on the web servers.
When Microsoft disclosed these attacks, they had released updated signatures for Microsoft Defender that will detect the web shells installed using the zero-day vulnerabilities.
B. For organizations not using Microsoft Defender, Microsoft has added the updated signatures to their Microsoft Safety Scanner standalone tool to help organizations find and remove web shells used in these attacks.
Using Microsoft Safety Scanner to remove web shells.
Microsoft Safety Scanner, also known as the Microsoft Support Emergency Response Tool, is a standalone portable antimalware tool that includes Microsoft Defender signatures to scan for and remove detected malware.
News URL
Related news
- US indicts Black Kingdom ransomware admin for Microsoft Exchange attacks (source)
- Microsoft Warns of Tax-Themed Email Attacks Using PDFs and QR Codes to Deliver Malware (source)
- Microsoft fixes auth issues on Windows Server, Windows 11 24H2 (source)
- Microsoft investigates global Exchange Admin Center outage (source)
- Microsoft Defender will isolate undiscovered endpoints to block attacks (source)
- Microsoft: Windows Server 2025 restarts break connectivity on some DCs (source)
- Microsoft: Exchange 2016 and 2019 reach end of support in six months (source)
- New BPFDoor Controller Enables Stealthy Lateral Movement in Linux Server Attacks (source)
- Microsoft fixes Windows Server 2025 blue screen, install issues (source)
- Oh, cool. Microsoft melts bug that froze Server 2025 Remote Desktop sessions (source)