Microsoft Releases ProxyLogon Vulnerabilities Mitigation Tool

The Exchange On-premises Mitigation Tool PowerShell script can scan Exchange servers for deployed web shells.


Microsoft has released software to prevent attacks on Microsoft Exchange servers that exploit ProxyLogon vulnerabilities.

The PowerShell script, dubbed the Exchange On-premises Mitigation Tool (EOMT), can scan Exchange servers for any deployed web shells and attempt to remediate the compromises it finds.

"The new tool is designed as a workaround for customers who are not familiar with the remediation process or have not yet applied an on-premises Exchange security update," Microsoft explained.

The tool was developed in response to ongoing cyberattacks on unpatched Exchange servers by various cybercriminal groups around the world. In early March, it became known that the vulnerabilities were being actively exploited by the Hafnium APT group, which works for the Chinese government. Following Hafnium, the China-backed groups APT27, Bronze Butler / Tick and Calypso, as well as the Winnti Group, Tonto Team, Mikroceen and others, began to exploit the ProxyLogon vulnerabilities.

According to RiskIQ telemetry data, as of March 12, 317,269 of the 400,000 on-premises Exchange servers worldwide were patched, with the United States, Germany, the United Kingdom, France and Italy having the most affected devices.