In response to the growing number of threats against on-premises Exchange servers because of the recently uncovered hack, Microsoft has released a one-click mitigation tool. The threats stem from numerous vulnerabilities in Exchange servers; patches for the vulnerabilities exist, but many companies have yet to implement them. As a workaround, Microsoft hopes that the one-click mitigation tool will secure these Exchange servers, which are typically used by smaller organizations.
In a blog post, Microsoft explained the mitigation tool’s function and how it helps harden defenses against the Exchange server hack:
“We have tested this tool across Exchange Server 2013, 2016, and 2019 deployments. This new tool is designed as an interim mitigation for customers who are unfamiliar with the patch/update process or who have not yet applied the on-premises Exchange security update.
“By downloading and running this tool, which includes the latest Microsoft Safety Scanner, customers will automatically mitigate CVE-2021-26855 on any Exchange server on which it is deployed. This tool is not a replacement for the Exchange security update but is the fastest and easiest way to mitigate the highest risks to internet-connected, on-premises Exchange servers before patching.”
According to RiskIQ, there are 82,731 vulnerable Microsoft Exchange servers worldwide. The main culprits are unpatched 2016 Exchange servers, with 2013 and 2019 not far behind. These servers have been primarily linked to banking, health care, pharmaceuticals, and governmental sources. Globally, the United States has the most vulnerable Exchange servers. After the U.S., the following countries also rank high on the list according to RiskIQ’s research: Germany, the United Kingdom, France, and Italy.
Despite the mounting research about these vulnerabilities, not to mention governmental emergency directives, patching is progressing at a frustratingly slow pace. While there has been an unprecedented number of exploits in recent months, there is no excuse for ignoring patches. It is worth the extra effort to implement these changes, as the alternative is a catastrophic cybersecurity incident.