Fraud Management & Cybercrime , Fraud Risk Management , Governance & Risk Management

Microsoft Issues Mitigation Tool for an Exchange Server Flaw

One-Click Mitigation Tool Provides Quick Fix for ProxyLogon Exchange Flaw
Microsoft Issues Mitigation Tool for an Exchange Server Flaw

Microsoft has released an interim mitigation tool designed to help smaller organizations take quick action to prevent attacks that exploit the unpatched ProxyLogon flaw in on-premises Microsoft Exchange servers.

See Also: Breaking Down Silos With a Holistic View of Security, Risk

The one-click mitigation tool can assist Microsoft customers who are running either current or no longer supported on-premises versions of Exchange server to mitigate the risk until they can fully implement a patch.

The company warned last week that hackers were exploiting four unpatched flaws in Exchange servers. It has issued patches for all of the flaws (see: Microsoft Patches Four Zero-Day Flaws in Exchange).

Microsoft says it has tested the interim tool to mitigate the ProxyLogon Exchange flaw, CVE-2021-26855, on Exchange Server 2013, 2016 and 2019.

"This new tool is designed as interim mitigation for customers who are unfamiliar with the patch/update process or who have not yet applied the on-premises Exchange security update," the company says. "This tool is not a replacement for the Exchange security update, but is the fastest and easiest way to mitigate the highest risks to internet-connected, on-premises Exchange servers prior to patching."

Tool Deployment

Once the interim tool is downloaded and deployed, users should follow Microsoft's guidance to ensure that their Exchange server is protected, the company says.

The tool comes with the latest Microsoft Safety Scanner and will automatically mitigate CVE-2021-26855 on any Exchange server on which it is deployed, the company notes.

"If you are already using Microsoft Safety Scanner, it is still live, and we recommend keeping this running as it can be used to help with additional mitigations," the company states.

Exploiting Vulnerabilities

Last week, when Microsoft first released security updates to patch the flaws, it warned that a new Chinese APT group, which it calls Hafnium, had been exploiting the vulnerabilities.

The security firm ESET, however, reports that at least 10 APT groups have been exploiting the flaws.

Some Exchange servers with the unpatched ProxyLogon flaw are being targeted by DearCry ransomware, which security company Sophos describes as "unsophisticated" and apparently "created by a beginner."

About the Author

Akshaya Asokan

Akshaya Asokan

Senior Correspondent, ISMG

Asokan is a U.K.-based senior correspondent for Information Security Media Group's global news desk. She previously worked with IDG and other publications, reporting on developments in technology, minority rights and education.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.