Microsoft has produced a PowerShell script to help customers running its Exchange Server on-premises software quickly and easily mitigate an attack chain of vulnerabilities that is currently under heavy exploitation.

The Exchange On-premises Mitigation Tool, or EOMT, is recommended over Microsoft's previous ExchangeMitigations.ps1 script, and handles the CVE-2021-26855 vulnerability through a uniform resource locator (URL) rewrite configuration.

This, Microsoft said, mitigates against the known methods of exploiting the CVE-2021-26855 server-side request forgery authentication bypass vulnerability, which forms the first part of a four-stage attack chain that can lead to full system compromise.

On top of mitigating against CVE-2021-26855, EOMT is fully automated and downloads all the dependencies it requires.

EOMT also runs the Microsoft Safety Scanner to detect malware on affected Exchange Servers, and attempts to remediate compromises detected.

The tool requires PowerShell 3 or later, and Internet Information Services 7.5 or later.

Microsoft has tested EOMT on Exchange 2013, 2016 and 2019, with no adverse effects found so far.

Exchange administrators are advised that EOMT should only be used as a temporary mitigation measure until their servers can be fully updated.

Exploitation of unpatched servers continues worldwide, with reports of ransomware being installed on them, along with webshells for data exfiltration.

Working together with Microsoft, security vendor RiskIQ tracked the Exchange patching progress, and noted that on March 12, Australia had over 2100 vulnerable servers. Worldwide the number is over 80,000.