Security researchers warned last week that four bugs in the Microsoft Exchange email and calendar servers were at risk of being used in attacks by the Chinese espionage group Hafnium. The Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) said it was "aware of widespread domestic and international exploitation" of the bugs.
Microsoft recently released a patch for the flaw (CVE-2021-26855), but it was primarily designed for large organizations with dedicated IT or security teams capable of executing the complex fix. Now, the tech giant has released an easier-to-install tool for smaller firms without such teams.
“...we realized that there was a need for a simple, easy to use, automated solution that would meet the needs of customers using both current and out-of-support versions of on-premises Exchange Server,” Microsoft said.
Mitigating the flaw
The tech giant said the tool will guard against attacks that have been seen so far, but it won’t prevent future attacks and isn’t a replacement for the other Exchange patches. However, the company said it is “the fastest and easiest way to mitigate the highest risks to internet-connected, on-premises Exchange servers prior to patching.”
“This new tool is designed as an interim mitigation for customers who are unfamiliar with the patch/update process or who have not yet applied the on-premises Exchange security update,” Microsoft said in a blog post. “By downloading and running this tool, which includes the latest Microsoft Safety Scanner, customers will automatically mitigate CVE-2021-26855 on any Exchange server on which it is deployed.”
The company’s “one-click” mitigation tool can be accessed here.