No time yet?
Microsoft provides its customers with a one-click tool that automatically applies all required patches against the so-called hafnium exploits for Exchange Server since version 2010.
The second week of March 2021 was Microsoft Provided a powershell script, which could use Edmins to test their Exchange Server installations. The script combines commands already published by Microsoft that examine a server for traces left by a successful attack. Can script On github Downloaded
With the one-click tool now presented, Creator is now greatly simplifying the process of securing Exchange Server. It turned out that worldwide server admissions were immediately hesitant about the recommended patch. Obviously, Microsoft hopes to close security gaps more quickly through a process that is easier for the user.
It can actually be done by anyone. However, the most important requirement is that the user “One-click Microsoft Exchange on-premises mitigation tool” Has admin rights for the Exchange server in question.
If this is the case, the tool takes care to install all patches automatically. Microsoft’s security scanner is then used. Checks the server for any malware infections that could have been initiated by hackers in the meantime. If necessary, it also tries to undo any changes made by the malware.
In all of this, the manufacturer clearly states that the device can only detect and make the attacks known to date. Apparently, Microsoft does not ensure that it has already identified all holes. In any case, a full version update of the affected server software should be available shortly.
On Tuesday, the Federal Office for Information Security (BSI) was also one security warning In which it provides detailed information on the dangers posed by hafnium feats. Officials continued to contact the operators of the server in distress.
Microsoft responds after 2 months of knowing and reducing exploitation of security holes
It wasn’t Microsoft until early March made publicAn alleged Chinese hacker group, which the manufacturer calls “hafnium”, had broken through four different vulnerabilities in Exchange servers worldwide. According to Microsoft’s findings, hackers are primarily interested in education, health care and defense in companies and institutions. According to the company’s knowledge, hackers acted against targets specifically and, above all, in the United States.
It quickly became apparent that Microsoft was mistaken with these assumptions. Experts like security expert Brian Krebs now believe this Exchange serverThose that were online between 26 February and 3 March were actually hacked. This means that when in doubt Thousands of people were affected.
Although microsoft does Latest since the beginning of january After learning about the exploits, it took two months for the company to distribute the patch. The extent of damage cannot currently be reliably assessed.