CISA, the US cybersecurity and infrastructure agency, issued a statement recommending that all Exchange Server users run a script developed by Microsoft to check whether their server is vulnerable to the set of CVEs allegedly being exploited by a Chinese group.
At least 30,000 organizations are believed to have been attacked in the United States, but the number could be much higher globally: the vulnerabilities give hackers remote control over victims’ systems. A Trend Micro scan via Shodan indicates that around 63,000 servers are still exposed.
The Microsoft script scans the Exchange log files for indicators of compromise (IOCs) associated with the vulnerabilities disclosed on March 2, 2021.
CISA’s recommendation is that organizations run the Test-ProxyLogon.ps1 script as soon as possible to help determine whether their systems are compromised.
The attacks were traced back to January 6, 2021, when a new threat group, later named “Hafnium” by Microsoft, began to exploit four zero-day bugs in Microsoft Exchange Server. The group is using virtual private servers (VPS) located in the United States to try to hide its true location.
The script is on Microsoft’s GitHub, at
https://github.com/microsoft/CSS-Exchange/tree/main/Security
With international agencies
See the original post at: https://www.cisoadvisor.com.br/ferramenta-microsoft-detecta-vulnerabilidade-do-exchange-server/?rand=59039