iTWire Wednesday, 17 March 2021 11:30 Microsoft offers mitigation for Exchange attack, silent on alleged code leak Featured Pixabay
Microsoft has offered users of Exchange Server a means of mitigating the so-called ProxyLogon attack, a one-click tool that it says has been tested across the 2013, 2016 and 2019 versions of Exchange Server.
But the company said the tool was not totally fool-proof.
The company has not said anything about reports emerging last Friday that exploit code for attacking mail servers had been leaked by Microsoft s security partners.
The Wall Street Journal
cited people familiar with the matter as making the claim. A wave of attacks used code similar to that which Microsoft provided to anti-virus companies on 23 February, the report claimed.
Reseller News
Join Reseller News
Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.Sign up now
Microsoft releases interim mitigation tool for Exchange vulnerability
Mitigates the CVE-2021-26855 vulnerability. Credit: Supplied
Microsoft has released an interim mitigation tool to automatically mitigate one vulnerability in the attack chain associated with the zero-day Exchange Server exploits the vendor disclosed earlier this month.
The Exchange On-premises Mitigation Tool, or EOMT, aims to protect and mitigate against CVE-2021-26855 on Exchange servers prior to patching and was designed for those who are either unfamiliar with the updating process or have not applied the update yet.
TechRepublic Premium
But now Exchange Server 2016 and Exchange Server 2019 customers have another way of patching the flaws. That is, by installing the latest quarterly cumulative updates (CU) from Microsoft, which is the most complete mitigation available. We wanted to highlight that these latest CUs contain the fixes that were previously released as Exchange Server Security Updates on March 2, 2021. This means you don t have to install the March 2021 Security Updates after installing the March 2021 CUs, Microsoft s Exchange team noted.
Microsoft has separately published more information for security teams responding to the Exchange server bugs CVE-2021-26855, CVE-2021-26858, CVE-2021-26857, and CVE-2021-27065.
Microsoft releases interim mitigation tool for Exchange vulnerability arnnet.com.au - get the latest breaking news, showbiz & celebrity photos, sport news & rumours, viral videos and top stories from arnnet.com.au Daily Mail and Mail on Sunday newspapers.