Microsoft releases one-click tool to mitigate the impact of “Exchange Server” targeted attacks

On March 15th, Microsoft released a one-click mitigation tool as a first aid for IT administrators who have not yet applied security patches to protect their Exchange Server. It’s a tool for mitigating the threat of vulnerabilities that are being actively exploited and damaging organizations around the world. On the 2nd, Microsoft released an emergency curity update that fixes a critical vulnerability. However, as of the 12th, the company estimates that at least 82,000 servers connected to the Internet are still unpatched and vulnerable to attacks. Based on efforts in collaboration with clients and partners, Microsoft said, “We will meet the needs of both customers using the current version of Exchange Server on-premises and customers using the out-of-support version. He said he found a need for an automated solution that could be met, concisely and easily available. The tool, called the Microsoft Exchange On-Premises Mitigation Tool, is intended to help customers who do not have a dedicated security or IT person to apply such security updates. Tested with Exchange Server versions 2013, 2016 and 2019. Microsoft describes the tool as not a replacement for patches, but a way to mitigate the risk of vulnerabilities until an update is applied. This tool can be run on an existing Exchange Server and works with the Microsoft Safety Scanner to attack attacks that exploit a vulnerability (CVE-2021-26855) that could lead to remote code execution (RCE) when exploited. It also includes mitigation measures. “This tool isn’t a replacement for Exchange security updates, but it’s the quickest and easiest way to mitigate the very high risk of an Internet-connected, on-premises Exchange Server prior to patching,” Microsoft said. “.