Learn What IT Pros Need to Know About Windows 11 - August 26th at 1 PM ET! Learn What IT Pros Need to Know About Windows 11 - August 26th at 1 PM ET!
Exchange 2010|Exchange 2013|Exchange 2016|Exchange 2019|Exchange Server

Microsoft Releases ‘One-Click’ HAFNIUM Mitigation Tool

To say the HAFNIUM has caused a bit of pandemonium the past week or so is a bit of an understatement. The 0-day vulnerability is being actively used by nefarious individuals and groups to access sensitive data.

One of the many problems, aside from the last remaining Exchange server running inside many organizations, is that patching your infrastructure is not always a simple task. If you don’t have a dedicated security or IT team at your disposal (something that is a frequent occurrence in smaller companies), patching Exchange can be a significant challenge and result in downtime.

Image #1 Expand

Image Credit: Microsoft

Announced today, Microsoft has released a ‘one-click’ tool that is able to patch Exchange Server 2013, 2016, and 2019 deployments. The company says that this tool is designed as an interim mitigation solution but does not fully replace the previously released patch for these systems.

This tool also includes Microsoft Safety Scanner and once you run the application, it will perform the following actions:

Sponsored Content

Read the Best Personal and Business Tech without Ads

Staying updated on what is happening in the technology sector is important to your career and your personal life but ads can make reading news, distracting. With Thurrott Premium, you can enjoy the best coverage in tech without the annoying ads.

  • Mitigate against current known attacks using CVE-2021-26855 using a URL Rewrite configuration.
  • Scan the Exchange Server using the Microsoft Safety Scanner.
  • Attempt to reverse any changes made by identified threats.

The company says that before running the tool, it’s important to understand that this patch is only effective against attacks that the company has seen so far and it is not guaranteed to protect against future attacks. They also recommend this tool over the previously released ExchangeMitigations.ps1. Further, if you have already started using the other script, you can migrate to this new tool without any issues.

While it’s unfortunate that HAFNIUM has existed in the first place, at least now there is a tool that is going to help the smaller organizations that may not have the resources need to patch their environment.

Download: Microsoft Exchange On-Premises Mitigation Tool


Don't have a login but want to join the conversation? Sign up for a Petri Account

Comments (0)

Leave a Reply

Brad Sams has more than a decade of writing and publishing experience under his belt including helping to establish new and seasoned publications From breaking news about upcoming Microsoft products to telling the story of how a billion dollar brand was birthed in his book, Beneath a Surface, Brad is a well-rounded journalist who has established himself as a trusted name in the industry.

Register for Advanced Microsoft 365 Day!

GET-IT: Advanced Microsoft 365 1-Day Virtual Conference - Live August 24th!

Join us on Tuesday, August 24th and hear from Microsoft MVPs and industry experts about how to take advantage of Microsoft 365 at a technical level and dive deep into the features and functionality that will make your environment more secure and compliant.


Sponsored By