Microsoft’s Security Response Center has released a new one-click tool to help admins shield their Microsoft Exchange email (opens in new tab) servers against the widely exploited vulnerabilities (opens in new tab) that were reported earlier this month.
The Microsoft Exchange On-Premises Mitigation Tool comes in response to the increasing number of exploits based on four zero-day vulnerabilities that were first exploited by the Chinese state-sponsored Hafnium group.
Just as security researchers had predicted (opens in new tab), several other threat actors piggybacked on the vulnerabilities to launch all sorts of malicious campaigns including dropping malware (opens in new tab) such as the DearCry ransomware (opens in new tab).
We're looking at how our readers use VPN for a forthcoming in-depth report. We'd love to hear your thoughts in the survey below. It won't take more than 60 seconds of your time.
>> Click here to start the survey in a new window (opens in new tab)<<
- We've put together a list of the best endpoint protection (opens in new tab) software
- Check our list of the best firewall apps and services (opens in new tab)
- Here’s our roundup of the best identity theft protection (opens in new tab) tools
Click to patch
“This new tool is designed as an interim mitigation for customers who are unfamiliar with the patch/update process or who have not yet applied the on-premises Exchange security update,” Microsoft said in a blog post (opens in new tab).
The company has already released patches to mitigate the four vulnerabilities collectively known as ProxyLogon, and has been urging companies to update their Exchange servers as soon as possible.
But after speaking to customers, Microsoft found that it needed to come up with a different mechanism for deploying the patches (opens in new tab).
“....we realized that there was a need for a simple, easy to use, automated solution that would meet the needs of customers using both current and out-of-support versions of on-premises Exchange Server,” shares Microsoft.
The new one-click tool, which is essentially a PowerShell script, will help small businesses (opens in new tab) that lack dedicated IT or security teams to install the patches without any technical know-how. Microsoft says it has tested the new tool across Exchange Server 2013, 2016, and 2019 deployments.
- Protect your devices with these best antivirus software (opens in new tab)
Via: BleepingComputer (opens in new tab)