iTWire Wednesday, 17 March 2021 11:30 Microsoft offers mitigation for Exchange attack, silent on alleged code leak Featured Pixabay
Microsoft has offered users of Exchange Server a means of mitigating the so-called ProxyLogon attack, a one-click tool that it says has been tested across the 2013, 2016 and 2019 versions of Exchange Server.
But the company said the tool was not totally fool-proof.
The company has not said anything about reports emerging last Friday that exploit code for attacking mail servers had been leaked by Microsoft s security partners.
The Wall Street Journal
cited people familiar with the matter as making the claim. A wave of attacks used code similar to that which Microsoft provided to anti-virus companies on 23 February, the report claimed.
Hit by multiple hacking on its business email servers, Microsoft has released a new, one-click mitigation tool to help customers who do not have dedicated security or IT teams to apply key security updates.Called Microsoft Exchange On-Premises .
minute read
Share this article:
Public proof-of-concept (PoC) exploits for ProxyLogon could be fanning a feeding frenzy of attacks even as patching makes progress.
As dangerous attacks accelerate against Microsoft Exchange Servers in the wake of the disclosure around the ProxyLogon group of security bugs, a public proof-of-concept (PoC) whirlwind has started up. It’s all leading to a feeding frenzy of cyber-activity.
The good news, however, is that Microsoft has issued a one-click mitigation and remediation tool in light of the ongoing swells of attacks.
Researchers said that while advanced persistent threats (APTs) were the first to the game when it comes to hacking vulnerable Exchange servers, the public PoCs mean that the cat is officially out of the bag, meaning that less sophisticated cybercriminals can start to leverage the opportunity.
Microsoft launches Exchange mitigation tool to assist customers apply critical security updates siliconangle.com - get the latest breaking news, showbiz & celebrity photos, sport news & rumours, viral videos and top stories from siliconangle.com Daily Mail and Mail on Sunday newspapers.
The new one-click Microsoft Exchange On-Premises Mitigation Tool is meant to serve as an interim mitigation for those that aren t familiar with the patching process or that haven t yet applied the Exchange security updates released on March 2, Microsoft explains in a blog post. The company last reported some 82,000 Exchange Servers remain vulnerable to the exploits.
This is not a replacement for the Exchange Server security update, Microsoft says, but it is an efficient way to defend against the highest risks to Internet-connected, on-premises Exchange Servers for organizations that haven t yet applied the patch. The tool has been tested across Exchange Server 2013, 2016, and 2019, all of which are affected by the recently patched flaws.