CISA: Microsoft IOC Detection Tool and Alternative Mitigation Techniques for Exchange Server Vulnerabilities
Greetings,
Microsoft has released an updated script that scans Exchange log files for indicators of compromise (IOCs) associated with the vulnerabilities disclosed on March 2, 2021.
CISA is aware of widespread domestic and international exploitation of these vulnerabilities and strongly recommends organizations run the Test-ProxyLogon.ps1 script—as soon as possible—to help determine whether their systems are compromised. For additional information on the script, see Microsoft’s blog HAFNIUM targeting Exchange Servers with 0-day exploits.
In addition, Microsoft has released alternative mitigation techniques for Exchange Server customers who are not able to immediately apply updates that address vulnerabilities disclosed on March 2, 2021.
CISA and Microsoft encourage organizations to upgrade their on-premises Exchange environments to the latest supported version. If an organization is unable to immediately apply the updates, CISA strongly recommends they apply the alternative mitigations found in Microsoft’s blog on Exchange Server Vulnerabilities Mitigations in the interim.
For more information about these vulnerabilities and how to defend against their exploitation, see:
- Microsoft Advisory: Multiple Security Updates Released for Exchange Server
- Microsoft Blog: HAFNIUM targeting Exchange Servers with 0-day exploits
- Microsoft GitHub Repository: CSS-Exchange
- CISA Alert: Mitigate Microsoft Exchange Server Vulnerabilities
- CISA Emergency Directive 21-02: Mitigate Microsoft Exchange On-Premises Product Vulnerabilities
Best regards,
Greg Hollingsead
Protective Security Advisor, Nebraska
U.S. Department of Homeland Security
Cybersecurity and Infrastructure Security Agency
Telephone: (402) 981-8970 | Email: greg.hollingsead@cisa.dhs.gov