You can now find Cyber Kendra on Google News | Telegram

Microsoft Release ProxyLogon Vulnerabilities Mitigation Tool

The Exchange On-premises Mitigation Tool PowerShell script can scan Exchange servers for shells deployed.

Microsoft has released software to prevent attacks on Microsoft Exchange servers that exploit ProxyLogon vulnerabilities.

The PowerShell script, dubbed the Exchange On-premises Mitigation Tool (EOMT), is capable of scanning Exchange servers for any command interpreters deployed, as well as attempting to remediate compromises found.

"The new tool is designed as a workaround for customers who are not familiar with the remediation process or have not yet applied an on-premises Exchange security update," Microsoft explained.

The development of the tool is the result of ongoing cyber attacks on unpatched Exchange servers by various cybercriminal groups around the world. In early March, it became known that the vulnerabilities were actively exploited by the Hafnium APT group working for the Chinese government. Following Hafnium, the hacker groups APT27, Bronze Butler / Tick, and Calypso, supported by China, as well as the Winnti Group, Tonto Team, Mikroceen, etc., began to exploit the ProxyLogon vulnerabilities.

According to RiskIQ telemetry data, as of March 12, 317,269 of the 400,000 on-premises Exchange servers worldwide were patched, with the United States, Germany, the United Kingdom, France, and Italy having the most affected devices.

Post a Comment

Cookie Consent
We serve cookies on this site to analyze traffic, remember your preferences, and optimize your experience.
It seems there is something wrong with your internet connection. Please connect to the internet and start browsing again.
AdBlock Detected!
We have detected that you are using adblocking plugin in your browser.
The revenue we earn by the advertisements is used to manage this website, we request you to whitelist our website in your adblocking plugin.
Site is Blocked
Sorry! This site is not available in your country.