A one-click mitigation tool released by Microsoft to help organizations protect themselves from the Exchange Server compromise has been downloaded more than 25,000 times since it was released, the Associated Press reported Monday.
Citing a White House National Security Council spokesperson, the AP reported that the number of vulnerable systems has fallen by 45%, thanks in part to the Microsoft tool.
Microsoft released the tool last week to help smaller organizations that don’t have dedicated IT or cybersecurity teams mitigate the Exchange Server vulnerability that could allow a hacker to access a customer’s Exchange Server, steal data and establish a persistent presence in a victim’s IT environment.
Chinese nation-state hackers are believed to be behind the initial exploits starting in early January, and copycats have been trying to replicate the attack chain since the vulnerabilities were disclosed earlier this month. That makes eliminating this vulnerability and patching systems critical, but applying Microsoft’s comprehensive patch can be difficult without dedicated IT personnel.
Since Microsoft released the tool, the number of vulnerable systems has fallen to fewer than 10,000 from at least 120,000 at the peak, the AP reported.
Here is more from AP’s reporting:
While Microsoft has taken considerable heat for being the provider of software that elite hackers have exploited, Charles Carmakal, senior vice president and chief technical officer of prominent cybersecurity firm FireEye, said Microsoft, based in Redmond, Washington, deserves credit for working hard to help people who run its software defend themselves.
He cited, especially, the downloadable turnkey script that people can use to apply patches and see if their systems have been compromised.
“The level of effort that they put into this to help companies defend themselves is terrific,” he said. “It’s a tough situation that organizations are in with the vulnerability in general.”
Since Microsoft disclosed the vulnerabilities and released a full security patch, the company has been active in following up on this issue with its customers and the IT community at large. In addition to the one-click mitigation tool, the company released an automatic mitigation feature for Microsoft Defender Antivirus, and updates to help customers running older and unsupported versions of Exchange Server patch their systems.
Microsoft was similarly active in helping organizations and the U.S. government recover from the SolarWinds compromise, which also involved Microsoft. The company has never been one to shy away from addressing technology and security issues and has taken center stage on protecting against nation-state hacks and election interference. Continue to look to Microsoft for guidance on these issues.