Microsoft has released a PowerShell script to help customers running its Exchange Server on-premises software to quickly and easily mitigate against an attack chain of vulnerabilities that is currently under heavy exploitation.
The Exchange On-premises Mitigation Tool, or EOMT, is recommended over Microsoft's earlier ExchangeMitigations.ps1 script, and handles the CVE-2021-26855 vulnerability via a uniform resource locator (URL) rewrite configuration.
This, Microsoft said, mitigates against the known methods of exploiting the CVE-2021-26855 server-side request forgery authentication bypass vulnerability, which forms the first part of a four-stage attack chain that can lead to full system compromise.
Microsoft has released a new, one-click mitigation tool to help customers who do not have dedicated security or IT teams to apply the Exchange security updates
1⃣ Applies CVE-2021-26855 mitigation
2⃣ Runs MSERT scan
3⃣ Reverses any changes made by discovered threats
— Tanmay Ganacharya (@tanmayg) March 15, 2021
On top of mitigating against CVE-2021-26855, EOMT is fully automated and downloads all the dependencies it requires.
EOMT also runs the Microsoft Safety Scanner to detect malware on affected Exchange Servers, and attempts to remediate compromises detected.
The tool requires PowerShell 3 or later, and Internet Information Services 7.5 or later.
Microsoft has tested EOMT on Exchange 2013, 2016 and 2019, with no adverse effects found so far.
Exchange administrators are advised that EOMT should only be used as a temporary mitigation measure until their servers can be fully updated.
Exploitation of unpatched servers continues around the world, with reports of ransomware being installed on them, along with webshells for data exfiltration.
Working together with Microsoft, security vendor RiskIQ tracked the Exchange patching progress, and said that on March 12, Australia had more than 2100 vulnerable servers. Worldwide the number is more than 80,000.