Microsoft has released a one-click mitigation tool that bundles the countermeasures required to secure vulnerable environments against the current widespread ProxyLogon Exchange Server attacks.
The tool, called the Exchange On-premises Mitigation Tool (EOMT), is a PowerShell-based script that can mitigate currently known attacks using CVE-2021-26855, scan the Exchange Server with the Microsoft Safety Scanner for any deployed web shells, and attempt to remediate the detected compromises.
Microsoft stated that this tool has been designed as an interim mitigation for users who are unfamiliar with the patch/update process or who have not yet applied the on-premises Exchange security update.
The tool was released in response to the ongoing attacks against unpatched Exchange Servers worldwide by more than ten advanced persistent threat actors, who are using them to plant backdoors, crypto miners, and ransomware. The release of a proof-of-concept (PoC) has escalated the hacking spree even further.
According to telemetry from RiskIQ, 317,269 out of 400,000 on-premises Exchange Servers globally have been patched as of March 12, with the U.S., Germany, Great Britain, France, and Italy leading the countries with vulnerable servers.
The tech giant said that this tool is not a replacement for the Exchange security update, but is the fastest and easiest way to mitigate the highest risks to internet-connected, on-premises Exchange Servers prior to patching.
It is important to note that this tool is effective only against attacks and exploits seen to date and is not guaranteed to stop attacks that may emerge in the immediate future. As a result, it must be used only as a temporary fix until full updates can be applied.