Microsoft has released a one-click patch, the Microsoft Exchange On-Premises Mitigation tool, to help customers apply new security updates in the face of the Exchange Server cyber attack.
This comes after the company released security updates in the wake of the attack, but these fixes were aimed predominantly at large organisations with dedicated IT teams who can handle complex deployments.
The tech giant stated that the one-click patch is aimed at customers who do not have dedicated security or IT teams to apply updates, who may be unfamiliar with the patch/update process or who have not yet applied the on-premises Exchange security update.
In the post, the company writes: “There was a need for a simple, easy to use, automated solution that would meet the needs of customers using both current and out-of-support versions of on-premises Exchange Server.”
Microsoft clarifies that the tool is not a replacement for the Exchange security update but is the fastest and easiest way to mitigate the highest risks to internet-connected, on-premises Exchange Servers prior to patching.
It also underlines that the new tool is effective against the attacks there have been seen so far but says it's not guaranteed to mitigate all possible future attack techniques.
In the UK, the National Cyber Security Centre (NCSC) has urged businesses to patch against the recently disclosed vulnerabilities in Exchange. It advised businesses to install the updates as a “matter of urgency”. An estimated 7,000 UK servers had been affected by the vulnerabilities, of which around half had already been secured.
Furthermore, ESET research found that Microsoft Exchange servers had been targeted by “at least ten hacker groups” and that they had managed to install backdoors on more than 5,000 servers in over 115 countries.
-
Cleo attack victim list grows as Hertz confirms customer data stolenNews Hertz has confirmed it suffered a data breach as a result of the Cleo zero-day vulnerability in late 2024, with the car rental giant warning that customer data was stolen.
-
Lateral moves in tech: Why leaders should support employee mobilityIn-depth Encouraging staff to switch roles can have long-term benefits for skills in the tech sector
-
The threat prevention buyer's guideWhitepaper Find the best advanced and file-based threat protection solution for you
-
Supply chain as kill chainWhitepaper Security in the era Zero Trust
-
Microsoft under fire for “negligent” security practices in scathing critique by industry execNews Microsoft took more than 90 days to issue a partial fix for a critical Azure vulnerability, researchers found
-
Apple patches zero day linked to spyware campaignNews Kaspersky researchers were the first to report a zero day used in a sophisticated attack chain
-
MOVEit cyber attack: Cl0p sparks speculation that it’s lost control of hackNews The hackers return with their second major data-extortion attack of 2023, but may have bitten off more than they can chew
-
Microsoft says it knows who was behind cyber attacks on MOVEit TransferDozens of organizations may have already lost data to hackers exploiting the critical flaw
-
ASUS, Cisco, Netgear devices exploited in ongoing Chinese hacking campaignNews Critical national infrastructure is the target of sustained attempts from state-sponsored hackers, according to Five Eyes advisories
-
Trend Micro security predictions for 2023Whitepaper Prioritise cyber security strategies on capabilities rather than costs
