Microsoft has released a PowerShell script to help customers running its Exchange Server on-premises software quickly and easily mitigate an attack chain of vulnerabilities that is currently being heavily exploited.
The Exchange On-premises Mitigation Tool, or EOMT, is recommended over Microsoft's earlier ExchangeMitigations.ps1 script, and handles the CVE-2021-26855 vulnerability through a uniform resource locator (URL) rewrite configuration.
This, Microsoft said, mitigates against the known methods of exploiting the CVE-2021-26855 server-side request forgery authentication bypass vulnerability, which forms the first part of a four-stage attack chain that can lead to full system compromise.
Microsoft has released a new, one-click mitigation tool to help customers who do not have dedicated security or IT teams to apply the Exchange security updates
1⃣ Applies CVE-2021-26855 mitigation
2⃣ Runs MSERT scan
3⃣ Reverse any changes made by identified threats pic.twitter.com/UEhNQC8NEM
— Tanmay Ganacharya (@tanmayg) March 15, 2021
On top of mitigating against CVE-2021-26855, EOMT is fully automated and downloads all the dependencies it requires.
EOMT also runs the Microsoft Safety Scanner to detect malware on affected Exchange Servers, and attempts to remediate any compromises it detects.
The tool requires PowerShell 3 or later, and Internet Information Services (IIS) 7.5 or later.
Microsoft has tested EOMT on Exchange 2013, 2016 and 2019, with no adverse effects found so far.
Exchange administrators are advised that EOMT should only be used as a temporary mitigation measure until their servers can be fully updated.
Exploitation of unpatched servers continues worldwide, with reports of ransomware being installed on them, along with webshells for data exfiltration.
Working together with Microsoft, security vendor RiskIQ tracked the Exchange patching progress, and found that on March 12, Australia had over 2100 vulnerable servers. Globally the number is over 80,000.