Ae banner

Exchange Proxy Logon Vulnerability Test

tests known CVEs related to Hafnium

Description

This procedure will check exchange servers for vulnerabilities identified by Microsoft in the following article: https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/#scan-log

The procedure checks for potential [CVE-2021-26855], [CVE-2021-26857], [CVE-2021-26858], and [CVE-2021-27065] vulnerabilities and reports it to the script log. If a potential vulnerability is identified, an alarm is generated for that agent.

Specific logs that are triggered as being evidentiary of vulnerability are uploaded to the GetFile page per agent for further review.

Note: Kaseya has used and slightly modified Microsoft Security Tests made for these vulnerabilities (https://github.com/microsoft/CSS-Exchange/tree/main/Security) in the creation, but due to the polymorphic nature of advanced threats, a clean result does not guarantee a protection from compromise. Kaseya recommends use of this script in conjunction with a layered organizational defensive strategy for most complete protection.

Developer
  • Name: Kaseya Automation Team
  • Company: Kaseya
  • Website: http://www.kaseya.com
  • Contact Developer
  • Summary
  • Exchange Proxy Logon Vulnerability Test
  • 47 Downloads
  • Version:
  • Initially Released March 10th, 2021
  • Reviews

    Exchange Proxy Logon Vulnerability Test has no reviews.

    Discussion

    Exchange Proxy Logon Vulnerability Test has no comments.