March 16, 2021
Severity
High
Analysis Summary
Microsoft has released a one-click mitigation tool to help businesses defend against the zero-day attacks on on-premises Exchange Servers. By downloading and running this tool, which includes the latest Microsoft Safety Scanner, customers will automatically mitigate CVE-2021-26855 on any Exchange server on which it is deployed. This tool is not a replacement for the Exchange security update, but it is the fastest and easiest way to mitigate the highest risks to internet-connected, on-premises Exchange Servers prior to patching.
Once run, the EOMT.ps1 tool will perform three operations:
- Mitigate against currently known attacks that use CVE-2021-26855 by applying a URL Rewrite configuration.
- Scan the Exchange Server using the Microsoft Safety Scanner.
- Attempt to reverse any changes made by identified threats.
Affected Products
Microsoft Exchange Server
Remediation
Microsoft recommends the following:
- Download the EOMT tool.
- Run it on Exchange servers immediately.
- Follow the more detailed guidance here to ensure that your on-premises Exchange is protected.