Microsoft tool provides automated Exchange threat mitigation

By

Halts first part of exploit chain.

Microsoft has released a PowerShell script to help customers running its Exchange Server on-premises software to quickly and easily mitigate against an attack chain of vulnerabilities that is under heavy exploitation currently.

Microsoft tool provides automated Exchange threat mitigation

The Exchange On-Premises Mitigation Tool or EOMT is recommended over Microsoft's earlier ExchangeMitigations.ps1 script, and handles the CVE-2021-26855 vulnerability through a uniform resource locator (URL) rewrite configuration.

This, Microsoft said, mitigates against the known methods of exploiting the CVE-2021-26855 server-side request forgery authentication bypass vulnerability, which forms the first part of a four-stage attack chain that can lead to full system compromise.

On top of mitigating against CVE-2021-26855, EOMT is fully automated and downloads all the dependencies it requires.

EOMT also runs the Microsoft Safety Scanner to detect malware on affected Exchange Servers, and attempts to remediate compromises detected.

The tool requires PowerShell 3 or later, and Internet Information Services 7.5 or better. 

Microsoft has tested EOMT on Exchange 2013, 2016 and 2019, without adverse effects discovered so far.

Exchange administrators are advised that EOMT should only be used as a temporary mitigation measure until their servers can be fully updated.

Exploitation of unpatched servers continues worldwide with reports of ransomware being installed on them, along with webshells for data exfiltration.

Working together with Microsoft, security vendor RiskIQ tracked the Exchange patching progress, and noted that on March 12, Australia had over 2100 vulnerable servers. Worldwide the number is over 80,000.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
exchangemicrosoftransomwaresecurity

Sponsored Whitepapers

Futureproof Your Business with Datacom and AMD: Seamless Windows 11 Transition
Futureproof Your Business with Datacom and AMD: Seamless Windows 11 Transition
See everything. Do more.
See everything. Do more.
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Diamond IT Delivers GRC Transformation with Microsoft Purview
Diamond IT Delivers GRC Transformation with Microsoft Purview
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks

Events

Most Read Articles

Woolworths' CSO is Optus-bound

Woolworths' CSO is Optus-bound
Australia's super funds told to assess authentication controls

Australia's super funds told to assess authentication controls
Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies
The Northern Beaches Women's Shelter hones focus on tech-enabled abuse

The Northern Beaches Women's Shelter hones focus on tech-enabled abuse
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?