HackTool:Win32/Mexlib.A!dha

Guidance for individual users

• Keep your operating system and antivirus products up to date. Customers who have turned on automatic updates do not need to take additional action.
• Proactively implement and frequently validate a data backup and restore plan as part of broader protection against ransomware and extortion threats.
• Take these steps to help prevent malware infection on your computer.

Guidance for enterprise administrators and Microsoft 365 Defender customers

Apply these mitigations to reduce the impact of this threat. Check the recommendations card for the deployment status of monitored mitigations.

• All customers should prioritize patching of CVE-2022-22047.
• Confirm that Microsoft Defender Antivirus is updated to security intelligence update 1.371.503.0 or later to detect the related indicators.
• Use the included indicators of compromise to investigate whether they exist in your environment and assess for potential intrusion.
• Change Excel macro security settings to control which macros run and under what circumstances when you open a workbook. Customers can also stop malicious XLM or VBA macros by ensuring runtime macro scanning by Antimalware Scan Interface (AMSI) is on. This feature—enabled by default—is on if the Group Policy setting for Macro Run Time Scan Scope is set to “Enable for All Files” or “Enable for Low Trust Files”.
• Enable multifactor authentication (MFA) to mitigate potentially compromised credentials and ensure that MFA is enforced for all remote connectivity. Note: Microsoft strongly encourages all customers download and use password-less solutions like Microsoft Authenticator to secure accounts.
• Review all authentication activity for remote access infrastructure, with a particular focus on accounts configured with single factor authentication, to confirm authenticity and investigate any anomalous activity.