Microsoft tool provides automated Exchange threat mitigation


Halts first part of exploit chain.

Microsoft has released a PowerShell script to help customers running its on-premises Exchange Server software quickly and easily mitigate a chain of vulnerabilities that is currently under heavy exploitation.

The Exchange On-Premises Mitigation Tool, or EOMT, is recommended over Microsoft's earlier ExchangeMitigations.ps1 script, and handles the CVE-2021-26855 vulnerability through a uniform resource locator (URL) rewrite configuration.

This, Microsoft said, mitigates the known methods of exploiting CVE-2021-26855, a server-side request forgery authentication bypass vulnerability that forms the first part of a four-stage attack chain that can lead to full system compromise.

On top of mitigating CVE-2021-26855, EOMT is fully automated and downloads all the dependencies it requires.

EOMT also runs the Microsoft Safety Scanner to detect malware on affected Exchange Servers, and attempts to remediate any compromises it detects.

The tool requires PowerShell 3 or later, and Internet Information Services 7.5 or later.

Microsoft has tested EOMT on Exchange 2013, 2016 and 2019, with no adverse effects discovered so far.

Exchange administrators are advised that EOMT should only be used as a temporary mitigation measure until their servers can be fully updated.

Exploitation of unpatched servers continues worldwide with reports of ransomware being installed on them, along with webshells for data exfiltration.

Working together with Microsoft, security vendor RiskIQ tracked the Exchange patching progress, and noted that on March 12, Australia had over 2100 vulnerable servers. Worldwide, the number is over 80,000.
