Tech

Attack on Exchange Server – Microsoft provides test script for login

by
Attack on Exchange Server - Microsoft provides test script for login

Microsoft Exchange Server has several serious vulnerabilities that have recently been closed with an update, but is being heavily exploited by cybercriminals. The creator now offers administrators the option to use a PowerShell script to check if the Exchange server has already been successfully attacked.

PowerShell script provided on GitHub

A PowerShell script is available at Microsoft’s GitHub repository ‘CSS-Exchange’ (‘powered by Support Engineers for Microsoft Exchange Server’) that checks one or more Exchange servers for traces left by a successful attack. About that Reported BleepingComputer. Microsoft publicly created the vulnerabilities, including an update on March 2 – at this point, however, attacks on them were already seen (zero days). If an attacker associates vulnerabilities with the names CVE-2021-26855, CVE-2021-26857, CVE-2021-26858 and CVE-2021-27065, this attack is known as “Prologon”. This allows the code to be executed remotely and requires active Outlook Web Access (OWA).

PS-Script Test-Proxylogon. PS1 Bith GitHub Looks at the characteristics of attacking ProxyLogon’s specialties. Microsoft had already published the details in a blog post, but this script summarizes manual tests and makes it much easier for administrators to check their Exchange servers. The script searches the Exchange log, the Exchange HttpProxy log and the Windows application event log.

The script outputs its results directly to a local Exchange server (on the Exchange Management Shell):

.Test-ProxyLogon.ps1

Production can be saved:

.Test-ProxyLogon.ps1 -OutPath $homedesktoplogs

If you operate multiple Exchange servers, you can test all systems at once (and save the result):

Get-ExchangeServer | .Test-ProxyLogon.ps1 -OutPath $homedesktoplogs

Import Update!

Exchange administrators should immediately close vulnerabilities by installing the latest updates and, if possible, also use this script to check your system for an attack. The extent of attacks that have already taken place is clearly considerable; Estimates are based on tens of thousands of systems in Germany that are least vulnerable and may have already been attacked. BSI has warned of a nuisance for IT security and advised you to take immediate action.

READ  Free Apps: These professional apps are currently available for free - March 2022


(Tiwari)

On home page

0
Laurence Porter
Written By
More from Laurence Porter
Mars helicopter “Ingenuity” flies for the third time on Mars
The “Ingenuity” helicopter flew for the third time on Mars. The mini...
Read More

You may also like

Comparison Benchmark Receives Maser Shader Test for 3DMark DirectX 12
Comparison Benchmark Receives Maser Shader Test for 3DMark DirectX 12
Ubuntu Unity 22.04.1 LTS: Derivat erhält ersten „neuen“ alten Desktop seit 6 Jahren
Ubuntu Unity 22.04.1 LTS: Derivative gets the first “new” old desktop in 6 years
World of WarCraft: Dragonflight: Pre-Patch Phase 2 is now live!
World of WarCraft: Dragonflight: Pre-Patch Phase 2 is now live!
Leave a comment

Your email address will not be published. Required fields are marked *