Microsoft Releases One-Click HAFNIUM Mitigation Tool

Brad Sams

Mar 15, 2021

To say the HAFNIUM has caused a bit of pandemonium the past week or so is a bit of an understatement. The 0-day vulnerability is being actively used by nefarious individuals and groups to access sensitive data.

One of the many problems, aside from the last remaining Exchange server running inside many organizations, is that patching your infrastructure is not always a simple task. If you don’t have a dedicated security or IT team at your disposal (something that is a frequent occurrence in smaller companies), patching Exchange can be a significant challenge and result in downtime.

Image #1 Expand

Announced today, Microsoft has released a ‘one-click’ tool that is able to patch Exchange Server 2013, 2016, and 2019 deployments. The company says that this tool is designed as an interim mitigation solution but does not fully replace the previously released patch for these systems.

This tool also includes Microsoft Safety Scanner and once you run the application, it will perform the following actions:

Mitigate against current known attacks using CVE-2021-26855 using a URL Rewrite configuration.
Scan the Exchange Server using the Microsoft Safety Scanner.
Attempt to reverse any changes made by identified threats.

The company says that before running the tool, it’s important to understand that this patch is only effective against attacks that the company has seen so far and it is not guaranteed to protect against future attacks. They also recommend this tool over the previously released ExchangeMitigations.ps1. Further, if you have already started using the other script, you can migrate to this new tool without any issues.

While it’s unfortunate that HAFNIUM has existed in the first place, at least now there is a tool that is going to help the smaller organizations that may not have the resources need to patch their environment.

Download: Microsoft Exchange On-Premises Mitigation Tool