Microsoft’s Security Response Center has released a new one-click tool to help admins shield their Microsoft Exchange email servers against the widely exploited vulnerabilities that were reported earlier this month.
The Microsoft Exchange On-Premises Mitigation Tool comes in response to the increasing number of exploits based on four zero-day vulnerabilities that were first exploited by the Chinese state-sponsored Hafnium group.
Just as security researchers had predicted, several other threat actors piggybacked on the vulnerabilities to launch all sorts of malicious campaigns including dropping malware such as the DearCry ransomware.
We're looking at how our readers use VPN for a forthcoming in-depth report. We'd love to hear your thoughts in the survey below. It won't take more than 60 seconds of your time.
- We've put together a list of the best endpoint protection software
- Check our list of the best firewall apps and services
- Here’s our roundup of the best identity theft protection tools
Click to patch
“This new tool is designed as an interim mitigation for customers who are unfamiliar with the patch/update process or who have not yet applied the on-premises Exchange security update,” Microsoft said in a blog post.
The company has already released patches to mitigate the four vulnerabilities collectively known as ProxyLogon, and has been urging companies to update their Exchange servers as soon as possible.
But after speaking to customers, Microsoft found that it needed to come up with a different mechanism for deploying the patches.
“....we realized that there was a need for a simple, easy to use, automated solution that would meet the needs of customers using both current and out-of-support versions of on-premises Exchange Server,” shares Microsoft.
The new one-click tool, which is essentially a PowerShell script, will help small businesses that lack dedicated IT or security teams to install the patches without any technical know-how. Microsoft says it has tested the new tool across Exchange Server 2013, 2016, and 2019 deployments.
- Protect your devices with these best antivirus software