As you have heard about in the news, or have been informed by Microsoft or service partners, last week Microsoft released several critical zero-day patches for local Exchange Server vulnerabilities that unfortunately already have been exploited.
As the initial targets were specific industries situated in the USA, you might have thought that the vulnerabilities would not immediately impact your and/your customer’s Exchange Server(s). Unfortunately, the opposite is true. They have already been exploited in many parts of the world.
In this blog, I’d like to tell you more about the resources you can use to help you identify whether your Exchange Server is vulnerable and, if so, do something about it.
- Read the Microsoft blog and detailed information.
- Check if your Exchange Server(s) have been implemented with the latest Service Packs and patches. You can find a script to check on your servers on Github. The script is named HealthChecker, it is created by Github user dpaulson45.
- Investigate if your servers might have been compromised. How to check for the Indicators of Compromize (IOCs), the Microsoft Exchange team has created a script you can run on your servers.
It is downloadable from Github user CSS-Exchange.You can also use this information to investigate manually.
- If the result of the IOC check shows that your servers have been compromised, we advise you to contact your Microsoft Support representative or Microsoft Partner.
- If the result of the IOC check shows that your servers have NOT been compromised, and if they are NOT on the latest patch levels, immediate act and plan for an emergency patch action.You can find the respective updates on this page.
Should you require help to investigate and/or patch your servers, we are happy to assist. Please send an email to firstname.lastname@example.org and we will respond as soon as possible.
Note: Should you have an environment where immediate patching is difficult due to circumstances, read this Microsoft Security Response Center update on the matter, published 6th March 2021.
We trust that this information is helpful to you. Should you have any feedback, please let us know.