Microsoft’s Exchange Server team has released a script for IT admins to check if systems are vulnerable to recently disclosed zero-day bugs.
As noted in an alert published by the US Cybersecurity and Infrastructure Security Agency (CISA) on Saturday, Microsoft’s team has published a script on GitHub that can check the security status of Exchange servers.
The script has been updated to include indicators of compromise (IOCs) linked to four zero-day vulnerabilities found in Microsoft Exchange Server.
On March 2, the tech giant warned of the active exploitation of the zero-days by a state-sponsored Chinese threat group called Hafnium. FireEye’s Mandiant Managed Defense team has also tracked ongoing attacks against US organizations leveraging the bugs. So far, victims include local government entities, a university, and retailers.
“CISA is aware of widespread domestic and international exploitation of these vulnerabilities and strongly recommends organizations run the Test-ProxyLogon.ps1 script — as soon as possible — to help determine whether their systems are compromised,” the agency warns.
Previously, CISA issued an emergency directive ordering federal agencies to examine their systems for any trace of suspicious activity and to apply patches provided by Microsoft immediately.
Earlier this week, Microsoft revealed new malware families associated with the threat actors responsible for the compromise of SolarWinds. The Redmond giant believes the group behind the hack is Nobelium, Russian state-sponsored cyberattackers.