Security News > 2021 > March > Exchange Cyberattacks Escalate as Microsoft Rolls One-Click Fix

As dangerous attacks accelerate against Microsoft Exchange Servers in the wake of the disclosure around the ProxyLogon group of security bugs, a public proof-of-concept whirlwind has started up.

Microsoft said in early March that it had spotted multiple zero-day exploits in the wild being used to attack on-premises versions of Microsoft Exchange servers.

Microsoft originally identified more than 400,000 on-premise Exchange servers that were at-risk when the patches were first released on March 2.

"If you have an Exchange server unpatched and exposed to the internet, your organization is likely already breached. One reason the response may be so slow is many organizations may not realize they have exchange servers exposed to the Internet-this is a common issue we see with new customers."

"Microsoft has released a new, one-click mitigation tool, Microsoft Exchange On-Premises Mitigation Tool to help customers who do not have dedicated security or IT teams to apply these security updates. We have tested this tool across Exchange Server 2013, 2016, and 2019 deployments," according to a post published by Microsoft.

That's according to an analysis from Trustwave SpiderLabs, which found that China Chopper is specifically being uploaded to compromised Microsoft Exchange servers with a publicly facing Internet Information Services web server.

News URL

https://threatpost.com/microsoft-exchange-cyberattacks-one-click-fix/164817/