Microsoft recently released a patch for the “Hafnium” vulnerability, which has wreaked havoc on its Exchange mail and calendar servers. However, this patch is primarily designed for large organizations whose IT departments can handle the relatively complex deployment. Now Microsoft has released a one-click mitigation tool for small businesses that is relatively easy to set up.
Once you run the tool, it first mitigates the currently known attacks that exploit the vulnerability (CVE-2021-26855) by applying a URL rewrite configuration. It then scans your Exchange server using the Microsoft security scanner and attempts to revert the changes made by the identified threats.
This tool should only be used as a temporary mitigation until your Exchange servers can be fully updated, as discussed in our previous tips.
Microsoft notes that the fix will only work against attacks it has seen so far and may not be effective against future hacks. It also said that this was not a replacement for previously released Exchange fixes “but it is the fastest and easiest way to mitigate the highest risk for on-premise Exchange servers connected to the Internet before applying the fixes,” the company wrote. After running the hotfix, all organizations still need to take steps to completely update their Exchange servers, as the company previously detailed.
The vulnerability exploited by Chinese hacking group Hafnium has been a disaster for businesses using Exchange servers, to say the least. In the United States, the group has infiltrated at least 30,000 organizations, including police departments, hospitals, local governments, banks, credit unions, nonprofits and telecommunications providers. Worldwide, the number of victims is believed to be several hundred thousand.
Microsoft now suspects that the Hafnium hackers may have obtained the information necessary to carry out the attack from private disclosures it made to some of its security partners, the WSJ reported. Investigators at the software giant apparently noticed that the second wave of the Exchange attack looked like “proof of concept” attack code that Microsoft distributed to security partners on February 23. This group includes around 80 companies around the world, 10 of which are based in China. Microsoft said it sent the code to a subset of this group, but declined to say whether any Chinese companies were among the recipients.