Microsoft IOC Detection Tool for Exchange Server Vulnerabilities
by CIRT Team
Microsoft has released emergency out-of-band security updates that
address four zero-day vulnerabilities (CVE-2021-26855, CVE-2021-26857,
CVE-2021-26858, and CVE-2021-27065) affecting all supported MS Exchange
versions. The vulnerabilities are being actively exploited in the wild.
Researchers at the MS Exchange Server team have released a script that
administrators can use to check whether their installations are
vulnerable to the recently disclosed vulnerabilities.
Microsoft released the tool as open source on GitHub; it can be used to
check the status of Exchange servers.
“Formerly known as Test-Hafnium, this script automates all four of the
commands found in the Hafnium blog post.” states Microsoft. “It also has
a progress bar and some performance tweaks to make the CVE-2021-26855
test run much faster.”
Download the latest release here: Test-ProxyLogon.ps1
(https://github.com/microsoft/CSS-Exchange/tree/main/Security).
For more information about these vulnerabilities and how to defend
against their exploitation, please check:
https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/#scan-log
https://github.com/microsoft/CSS-Exchange/tree/main/Security
https://us-cert.cisa.gov/ncas/alerts/aa21-062a
https://cyber.dhs.gov/ed/21-02/