Security News > 2021 > March > Microsoft Ships One-Click Mitigation Tool for Exchange Attacks
Microsoft's scramble to address the fallout from the zero-day attacks against on-prem Exchange Server installations continued this week with the release of a one-click mitigation tool to help businesses contain the damage.
The new Exchange On-premises Mitigation Tool is aimed at companies without dedicated security or IT teams to manage patching and post-incident forensics.
Microsoft said the tool has been tested across Exchange Server 2013, 2016, and 2019 deployments and is meant to be "an interim mitigation for customers who are unfamiliar with the patch/update process or who have not yet applied the on-premises Exchange security update."
"This tool is not a replacement for the Exchange security update but is the fastest and easiest way to mitigate the highest risks to internet-connected, on-premises Exchange Servers prior to patching," Microsoft warned.
Scripts from Microsoft are available for checking IOCs related to the China-linked threat actor HAFNIUM and for detecting malicious files on Exchange servers.
An Nmap script made by researcher Kevin Beaumont can be used to scan a network for potentially vulnerable Microsoft Exchange servers.