Microsoft Releases ‘One-Click’ HAFNIUM Mitigation Tool
To say the HAFNIUM has caused a bit of pandemonium the past week or so is a bit of an understatement. The 0-day vulnerability is being actively used by nefarious individuals and groups to access sensitive data.
One of the many problems, aside from the last remaining Exchange server running inside many organizations, is that patching your infrastructure is not always a simple task. If you don’t have a dedicated security or IT team at your disposal (something that is a frequent occurrence in smaller companies), patching Exchange can be a significant challenge and result in downtime.
Announced today, Microsoft has released a ‘one-click’ tool that is able to patch Exchange Server 2013, 2016, and 2019 deployments. The company says that this tool is designed as an interim mitigation solution but does not fully replace the previously released patch for these systems.
This tool also includes Microsoft Safety Scanner and once you run the application, it will perform the following actions:
- Mitigate against current known attacks using CVE-2021-26855 using a URL Rewrite configuration.
- Scan the Exchange Server using the Microsoft Safety Scanner.
- Attempt to reverse any changes made by identified threats.
The company says that before running the tool, it’s important to understand that this patch is only effective against attacks that the company has seen so far and it is not guaranteed to protect against future attacks. They also recommend this tool over the previously released ExchangeMitigations.ps1. Further, if you have already started using the other script, you can migrate to this new tool without any issues.
While it’s unfortunate that HAFNIUM has existed in the first place, at least now there is a tool that is going to help the smaller organizations that may not have the resources need to patch their environment.
More in Exchange Server
M365 Changelog: Get-AdvancedThreatProtectionDocumentReport and Get-AdvancedThreatProtectionDocumentDetail to be retired
May 24, 2022 | Petri Staff
M365 Changelog: (Updated) Microsoft Defender for Office 365: Updates to URL Protection Report
May 24, 2022 | Petri Staff
M365 Changelog: Safe Links Global Settings Migrated to Custom Policies
May 20, 2022 | Petri Staff
Microsoft to Ship Some Exchange Server Security Updates in .EXE Packages
May 11, 2022 | Rabia Noureen
M365 Changelog: Exchange Transport Rule Report moving to the new Exchange Admin Center (EAC) from the Security and Compliance Center
Apr 22, 2022 | Petri Staff
Hive Ransomware Group Attacks Vulnerable Microsoft Exchange Servers
Apr 22, 2022 | Rabia Noureen
Most popular on petri