Microsoft IOC Detection Tool for Exchange Server Vulnerabilities
by CIRT Team
Microsoft has released emergency out-of-band security updates that
address four zero-day issues (CVE-2021-26855, CVE-2021-26857,
CVE-2021-26858, and CVE-2021-27065) in all supported MS Exchange
versions that are actively exploited in the wild.
Researchers at the MS Exchange Server team have released a script that
could be used by administrators to check if their installs are
vulnerable to the recently disclosed vulnerabilities.
Microsoft released the tool as open-source on GitHub, it can be used to
check the status of Exchange servers.
“Formerly known as Test-Hafnium, this script automates all four of the
commands found in the Hafnium blog post.” states Microsoft. “It also has
a progress bar and some performance tweaks to make the CVE-2021-26855
test run much faster.
Download the latest release here: Download
Test-ProxyLogon.ps1(https://github.com/microsoft/CSS-Exchange/tree/main/Security).
For more information about these vulnerabilities and how to defend
against their exploitation, Please check:
https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/#scan-log
https://github.com/microsoft/CSS-Exchange/tree/main/Security
https://us-cert.cisa.gov/ncas/alerts/aa21-062a
https://cyber.dhs.gov/ed/21-02/
Recommended Posts
Emerging Threat_Stealer Malware (Lumma C2) Campaign with fake CAPTCHA pages
08 Oct 2024 - Security Advisories & Alerts