The Microsoft Exchange Servers team has released a script for IT administrators to check if their systems are vulnerable to the recently revealed zero-day vulnerabilities.
As reported in an alert released by the US Cybersecurity and Infrastructure Security Agency (CISA) on Saturday, the Microsoft team has developed a script on GitHub, which checks the security status of Exchange servers. The script has been updated to include Indicators of Compromise (IOC) related to four zero-day vulnerabilities found in the Microsoft Exchange server.
CISA recommends checking systems as soon as possible
On March 2, Microsoft warned of four zero-day vulnerabilities, actively exploited by a group of cyberattackers named Hafnium. FireEye has also investigated potential victims of ongoing attacks on US organizations. Until now, they have government offices, a university and stores.
“CISA is aware of the widespread exploitation of these vulnerabilities nationally and internationally and strongly recommends that organizations run the Test-ProxyLogon.ps1 script – as soon as possible – to help them determine if their systems are compromised,” warns the agency. Earlier, the CISA issued an emergency directive ordering federal agencies to examine their systems for any signs of suspicious activity and immediately apply fixes provided by Microsoft.
Earlier this week, Microsoft also revealed new malware associated with those responsible for the cyberattack that hit SolarWinds. The tech giant suspects the Russian state-sponsored group of cyberattackers Nobelium to be behind the attack.