21.03.2021

Scan Exchange Log Files for Intrusion (ProxyLogon) CVE-2021-26855 Vulnerability

In this video you will learn how to use Nmap & Powershell to scan your Microsoft Exchange environment for the ProxyLogon exploit (CVE-2021-26855). The Microsoft provided Powershell script can automatically scan Exchange log files for suspicious activity. Both scripts can be used to help you quickly determine potential for exploitation without installing additional tools and locate Exchange hosts that may have been targeted.

 

Links: GitHub(Microsoft): https://github.com/microsoft/CSS-Exchange/tree/main/Security

Microsoft Security Blog: https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/

Vulnerability Details: https://www.volexity.com/blog/2021/03/02/active-exploitation-of-microsoft-exchange-zero-day-vulnerabilities/

 

Why you need Managed Security Services?

Most networks are compromised as a result of the most common, textbook vulnerabilities. These are not sophisticated hacks requiring deep infiltration or complex exploit code. Most are exploited through “low hanging fruit” like:

Passwords
Legacy protocols
Lack of security policies

Contact us or call toll-free: 1-833-630-2888