Microsoft has released a single-click mitigation tool for its Exchange Servers to protect against the ProxyLogon vulnerability affecting tens of thousands of customers.
The Exchange On-Premises Mitigation Tool (EOMT) will make the process of patching and protecting vulnerable Exchange Servers as simple as possible following a fortnight of breaches and issues for Microsoft Exchange Server customers, let alone the security researchers attempting to secure vulnerable networks.
Microsoft Releases Easy to Use Exchange Server Protection Tool
The Exchange On-Premises Mitigation Tool comes not a moment too soon for business owners and organizations battling the ProxyLogon vulnerability affecting Microsoft Exchange Servers.
Since the ProxyLogon vulnerability announcement, first exploited by the Hafnium hacking group, thousands of Microsoft Exchange Servers have been attacked.
Hafnium combined four zero-day vulnerabilities into an attack vector. If exploited, the attacker can target the server with cryptomining malware, web shells, and, as reported by the ID-Ransomware team, even the DearCry ransomware.
In its official Microsoft Security Response Center blog post, Microsoft recognized the need for a much easier way of protecting vulnerable Exchange Servers.
We have been actively working with customers through our customer support teams, third-party hosters, and partner network to help them secure their environments and respond to associated threats from the recent Exchange Server on-premises attacks. Based on these engagements we realized that there was a need for a simple, easy to use, automated solution that would meet the needs of customers using both current and out-of-support versions of on-premises Exchange Server
EOMT is a PowerShell script Microsoft Exchange Server customers can run with a single click. The script performs three key actions:
- Mitigates known attacks using the ProxyLogon vulnerability
- Scans the Microsoft Exchange Server for threats and other issues
- Attempts to reverse any issues or changes made by said threats
However, Microsoft also advises that EOMT "should only be used as a temporary mitigation until your Exchange servers can be fully updated." EOMT isn't a complete ProxyLogon fix but should help businesses and other organizations get to grips with the vulnerability.
Big Security Stories Keep Coming for Microsoft
Microsoft is always in the news, and security stories are never far from the headlines. Hot on the tail of SolarWinds was the Microsoft Exchange Server attack, which has claimed thousands of victims so far.
Twitter and other online forums are full of tired and exasperated security researchers attempting to secure Exchange Servers under their charge. Simultaneously, more threat actors pick up on how the vulnerabilities work and how to exploit vulnerable hardware.
The Exchange On-Premises Mitigation Tool might provide some relief from the frontline of the attack. But, as Microsoft's blog post asserts, you're not out of the woods until your Exchange Server is completely updated.