Security News > 2021 > March > Use This One-Click Mitigation Tool from Microsoft to Prevent Exchange Attacks
Microsoft on Monday released a one-click mitigation software that applies all the necessary countermeasures to secure vulnerable environments against the ongoing widespread ProxyLogon Exchange Server cyberattacks.
Called Exchange On-premises Mitigation Tool, the PowerShell-based script serves to mitigate against current known attacks using CVE-2021-26855, scan the Exchange Server using the Microsoft Safety Scanner for any deployed web shells, and attempt to remediate the detected compromises.
"This new tool is designed as an interim mitigation for customers who are unfamiliar with the patch/update process or who have not yet applied the on-premises Exchange security update," Microsoft said.
While the breadth of the intrusions is being assessed, Microsoft is also reportedly investigating how the "Limited and targeted" attacks it detected in early January picked up steam to quickly morph into a widespread mass exploitation campaign, forcing it to release the security fixes a week before it was due.
The Wall Street Journal on Friday reported that investigators are focused on whether a Microsoft partner, with whom the company shared information about the vulnerabilities through its Microsoft Active Protections Program, either accidentally or purposefully leaked it to other groups.
It is also being claimed that some tools used in the "Second wave" of attacks towards the end of February are similar to proof-of-concept attack code that Microsoft shared with antivirus companies and other security partners on February 23, raising the possibility that threat actors may have gotten their hands on private disclosure that Microsoft shared with its security partners.
News URL
Related news
- DOJ, Microsoft seize 107 domains used in Russia's Star Blizzard phishing attacks (source)
- Microsoft and DOJ disrupt Russian FSB hackers' attack infrastructure (source)
- Microsoft issues 117 patches – some for flaws already under attack (source)
- Microsoft Detects Growing Use of File Hosting Services in Business Email Compromise Attacks (source)
- Microsoft: Ransomware Attacks Growing More Dangerous, Complex (source)
- VEILDrive Attack Exploits Microsoft Services to Evade Detection and Distribute Malware (source)
- Microsoft Exchange adds warning to emails abusing spoofing flaw (source)
- Microsoft patches Windows zero-day exploited in attacks on Ukraine (source)
- Microsoft pulls Exchange security updates over mail delivery issues (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-03-03 | CVE-2021-26855 | Server-Side Request Forgery (SSRF) vulnerability in Microsoft Exchange Server 2013/2016/2019 Microsoft Exchange Server Remote Code Execution Vulnerability | 9.1 |