
It is important to note that this tool is effective only against attacks and exploits seen to date and is not guaranteed to fix attacks that may emerge in the immediate future – therefore, it should only be used as a temporary fix until full updates can be applied. It should not affect any Exchange Server functionality.


Once it has run, the new tool will mitigate against current known attacks exploiting CVE-2021-26855 – the initial entry vector, a server-side request vulnerability that enables a malicious actor to send arbitrary HTTP requests and authenticate as their target Exchange server – using a URL rewrite configuration. It will then scan the Exchange Server for any issues, and attempt to reverse any changes that identified threats may have made. Users who are already running Microsoft Safety Scanner should continue to do so to assist with further mitigations. Users who wish to take advantage of the tool should download it from Microsoft and run it on their Exchange Servers immediately, prior to following the established guidance. “This tool is not a replacement for the Exchange security update, but is the fastest and easiest way to mitigate the highest risks to internet-connected, on-premise Exchange Servers prior to patching.”

“By downloading and running this tool, which includes the latest Microsoft Safety Scanner, customers will automatically mitigate CVE-2021-26855 on any Exchange server on which it is deployed,” said Microsoft in its release notes. Tested across Exchange Server 2013, 20 deployments, Microsoft said the new tool was supposed to serve as an “interim mitigation” for users who may not necessarily be familiar with standard patch and update procedures, or who have not yet applied the updates, which dropped on 2 March.

Redmond said it had been working actively with customers through its support teams, third-party hosting providers and its channel partner network to help them secure their environments and respond to threats resulting from attacks exploiting ProxyLogon – which began through a state-linked Chinese group known as Hafnium and have since spread far and wide to be exploited by many others, including ransomware gangs.

Based on these engagements, Microsoft’s teams realised there was a clear need for a “simple, easy-to-use, automated” solution to meet the needs of customers using current and out-of-support versions of on-premise Exchange Server.
