Microsoft has released an easy to install one-click mitigation tool for the critical Exchange security vulnerability known as ProxyLogon as the NCSC issues an urgent alert to UK firms.
The Hafnium/Proxylogon attack against Microsoft Exchange servers worldwide is escalating. Security researchers at Checkpoint report a 10 fold increase in daily attacks against Exchange e-mail servers over the last week. By exploiting the vulnerability, criminal gangs and nation state actors have installed Web Shells and deployed ransomware onto tens of thousands of Exchange servers around the world.
The NCSC has issued an urgent alert to UK businesses:
The NCSC strongly advises all organisations using affected versions of Microsoft Exchange Servers to proactively search systems for evidence of compromise, in line with Microsoft guidance
Microsoft has issued an easy to use one-click tool (Microsoft Exchange On Premise Mitigations Tool) that will mitigate the Exchange server vulnerabilities and then scan the server to see if it has already been compromised by criminals. This tool does not install any software updates (patches) instead it amends the Exchange configuration to prevent the vulnerabilities from being attacked until the full security patches can be installed.
All Microsoft Exchange servers need to apply the security patches in order to fully resolve the threat posed by ProxyLogon and related attacks. The mitigations tool is intended only to provide a short term fix for organisations who cannot install the patches immediately.