Microsoft Releases Script for Exchange Server Vulnerability
Microsoft Releases Script to Check for Traces of Intrusion Related to Exchange Server Vulnerability
Microsoft’s Exchange Server team released a script for IT administrators on March 6 to determine if it was affected by a zero-day vulnerability that was recently revealed to be lurking in the product.
As announced by the US Cyber Security and the Infrastructure Security Agency (CISA), Microsoft’s team has posted the latest script on GitHub to check the security status of the Exchange Server.
The script has been updated to include Indicators of Compromise (IoC) related to four zero-day vulnerabilities discovered on the Exchange Server.
On March 2, the company issued a warning about a vigorous zero-day attack by state-sponsored Chinese threat group Hafnium. FireEye’s “Mandiant Managed Defense” team is also tracking attacks on US organizations that have exploited this vulnerability. At present, local government agencies, universities, and retailers are believed to have been damaged.
CISA said, “Because CISA is aware of the widespread exploitation of these vulnerabilities in Japan and abroad, organizations run the Test-ProxyLogon.ps1 script” as soon as possible. “ However, it is highly recommended to determine if your system is at risk. “
The CISA issued an emergency directive on the 3rd, urging government agencies and others to check for evidence of suspicious activity and apply patches provided by Microsoft.