Microsoft Tool Provides Automated Exchange Threat Mitigation


Microsoft has released a PowerShell script to help customers running its on-premises Exchange Server software quickly and easily mitigate an attack chain of vulnerabilities that is currently under heavy exploitation.

The Exchange On-Premises Mitigation Tool, or EOMT, is recommended over Microsoft’s earlier ExchangeMitigations.ps1 script, and handles the CVE-2021-26855 vulnerability through a uniform resource locator (URL) rewrite configuration.

This, Microsoft said, mitigates against the known methods of exploiting the CVE-2021-26855 server-side request forgery authentication bypass vulnerability, which forms the first part of a four-stage attack chain that can lead to full system compromise.

In addition to mitigating CVE-2021-26855, EOMT is fully automated and downloads all the dependencies it requires.

EOMT also runs the Microsoft Safety Scanner to detect malware on affected Exchange Servers and attempts to remediate any compromises it detects.

The tool requires PowerShell 3 or later, and Internet Information Services 7.5 or later.

Microsoft has tested EOMT on Exchange 2013, 2016 and 2019, with no adverse effects discovered so far.

Exchange administrators are advised that EOMT should only be used as a temporary mitigation measure until their servers can be fully updated.

The exploitation of unpatched servers continues worldwide with reports of ransomware being installed on them, along with web shells for data exfiltration.