Microsoft tool provides automated Exchange threat mitigation – Security

Maria J. Danford

Microsoft has released a PowerShell script to help customers running its Exchange Server on-premises software to quickly and easily mitigate against an attack chain of vulnerabilities that is under heavy exploitation at present.

The Exchange On-Premises Mitigation Tool, or EOMT, is recommended over Microsoft's earlier ExchangeMitigations.ps1 script, and handles the CVE-2021-26855 vulnerability through a uniform resource locator (URL) rewrite configuration.

This, Microsoft said, mitigates against the known methods of exploiting the CVE-2021-26855 server-side request forgery authentication bypass vulnerability, which forms the first part of a four-stage attack chain that can lead to full system compromise.

On top of mitigating against CVE-2021-26855, EOMT is fully automated and downloads all the dependencies it requires.

EOMT also runs the Microsoft Safety Scanner to detect malware on affected Exchange Servers, and attempts to remediate compromises detected.

The tool requires PowerShell 3 or later, and Internet Information Services 7.5 or later.

Microsoft has tested EOMT on Exchange 2013, 2016 and 2019, with no adverse effects found so far.

Exchange administrators are advised that EOMT should only be used as a temporary mitigation measure until their servers can be fully updated.

Exploitation of unpatched servers continues worldwide, with reports of ransomware being installed on them, along with webshells for data exfiltration.

Working together with Microsoft, security vendor RiskIQ tracked the Exchange patching progress, and found that on March 12, Australia had over 2100 vulnerable servers. Globally the number is over 80,000.
