Patch/Configuration Management, Vulnerability Management

Microsoft releases one-click mitigation tool for Exchange Server

Microsoft released a one-click mitigation tool for the Hafnium Exchange Server vulnerabilities that the company hopes will help organizations struggling to update.

"We realized that there was a need for a simple, easy to use, automated solution that would meet the needs of customers using both current and out-of-support versions of on-premises Exchange Server," Microsoft Security Response Center said in a blog post announcing the tool.

RiskIQ reported 69,548 servers still had not applied the patch as of Sunday evening, despite calls from Microsoft, the Cybersecurity and Infrastructure Security Agency, and the unanimity of experts. That number is down from 400,000 on March 2, the day Microsoft first released the patch.

Microsoft hopes the new tool will aid organizations who lack IT teams and anyone else who has so far been reluctant to apply the patch.

The four patched vulnerabilities have been exploited by several actors. Microsoft first identified a new state-sponsored group operating out of China it dubbed Hafnium, but several other groups have been discovered targeting unpatched servers, including criminal groups.

Joe Uchill

Joe is a senior reporter at SC Weekly, focused on policy issues. He previously covered cybersecurity for Axios, The Hill and the Christian Science Monitor’s short-lived Passcode website.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.