Microsoft releases ‘one-click’ tool to patch Exchange server vulnerability

*Microsoft Corporation announces the tool for the flaw (CVE-2021-26855) was designed for smaller firms without information technology departments

Isola Moses | ConsumerConnect

Microsoft has released a “one-click” tool that enables smaller companies to patch the critical “Hafnium” vulnerability disclosed by the company earlier in March 2021.

It was learnt that security researchers recently warned that four bugs in the Microsoft Exchange email and calendar servers were at risk of being used in attacks by the Chinese espionage group Hafnium.

The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) said it was “aware of widespread domestic and international exploitation” of the bugs.

Microsoft recently released a patch for the flaw (CVE-2021-26855), but it was primarily designed for large organizations with dedicated IT or security teams capable of executing the complex fix. Now, the tech giant has released an easier-to-install tool for smaller firms without such teams.

Microsoft said: “…we realised that there was a need for a simple, easy to use, automated solution that would meet the needs of customers using both current and out-of-support versions of on-premises Exchange Server.”

On mitigating the flaw, the tech giant said the tool would guard against attacks that have been seen so far, but it won’t prevent future attacks and is not a replacement for the other Exchange patches.

However, the company said it is “the fastest and easiest way to mitigate the highest risks to Internet-connected, on-premises Exchange servers prior to patching.”

Microsoft further said in a blog post: “This new tool is designed as an interim mitigation for customers who are unfamiliar with the patch/update process or who have not yet applied the on-premises Exchange security update.

“By downloading and running this tool, which includes the latest Microsoft Safety Scanner, customers will automatically mitigate CVE-2021-26855 on any Exchange server on which it is deployed.”
