A series of flaws in stand-alone installations of Microsoft Exchange server has seen several hundreds of thousands of installations of Exchange Server being compromised by Chinese hacker group Hafnium. Early this month, Microsoft released new tools and guidance to help server admins detect and mitigate against the threat. Yesterday, Microsoft released an one-click mitigation tool to help Exchange customers who do not have dedicated security or IT teams. You can download it here.
This tool will work across Exchange Server 2013, 2016, and 2019 deployments. This new tool is just an interim mitigation for customers who are unfamiliar with the patch/update process. The ideal solution is to deploy the latest Exchange security update released by Microsoft. If you have not deployed the latest security update, follow the below steps to protect your Exchange server.
- Download this tool.
- Run it on your Exchange servers immediately.
- Then, follow the more detailed guidance here to ensure that your on-premises Exchange is protected.
- If you are already using Microsoft Safety Scanner, it is still live and we recommend keeping this running as it can be used to help with additional mitigations.