Exploit:Script/Exmann.A!dha

Guidance for enterprise administrators

• Apply the corresponding security updates for Exchange Server, including applicable fixes for CVE-2021-26855, CVE-2021-26858, CVE-2021-26857 and CVE-2021-27065. While it is important to prioritize patching of internet-facing Exchange servers to mitigate risk in an ordered manner, unpatched internal Exchange Server instances also suffer the same vulnerabilities.

• If you are unable to apply security updates to Exchange Server 2013, 2016, and 2019, apply the interim mitigations stated in the Microsoft Security Response Center (MSRC) blogpost Microsoft Exchange Server Vulnerabilities Mitigations — March 2021.

• Turn on cloud-delivered protection and automatic sample submission on Microsoft Defender Antivirus. These capabilities use artificial intelligence and machine learning to quickly identify and stop new and unknown threats.

• Educate end users about preventing malware infections. Practice the principle of least-privilege and maintain credential hygiene. Avoid the use of domain-wide, admin-level service accounts. Restricting local administrative privileges can help limit installation of remote access tool (RAT)s and other unwanted applications.

• Encourage users to use Microsoft Edge and other web browsers that support SmartScreen, which identifies and blocks malicious websites, including phishing sites, scam sites, and sites that contain exploits and host malware.

• Software developers and publishers are advised to maintain secure build and update infrastructure and to establish a response process for supply chain attacks. Updates should always be delivered using SSL connections and signed components.