Microsoft Exchange Attacks - Wild Tornado on Loose

Cyberattacks abusing the recently discovered ProxyLogon vulnerabilities in Microsoft Exchange servers are increasing drastically with every passing day. Security researchers at F-Secure discovered tens of thousands of attacks targeting businesses around the world that are still vulnerable to the Microsoft Exchange Server vulnerabilities.

A wild tornado on loose


In early January, Microsoft was first alerted about these vulnerabilities being exploited by cybercriminals. Within a few days, multiple threat actors started exploiting them.
A top U.S. cybersecurity official stated that thousands of Exchange servers remain compromised even after fixes were applied. This is because the patches only close the door to new attacks; they won't evict a hacker from an already compromised system.
Moreover, there are still 10,000 vulnerable and unpatched systems in the U.S.
The Chinese cyber-espionage unit Hafnium has victimized at least 30,000 U.S. organizations, seizing hundreds of thousands of Exchange mail servers around the world.
Black Kingdom ransomware has been targeting Exchange Server victims located in Canada, Austria, Switzerland, Russia, France, Israel, the U.K., Italy, Germany, Greece, Australia, Croatia, and the U.S.

A one-click solution

The tool mitigates the threat posed by four actively exploited vulnerabilities. In addition, it includes a URL rewrite mitigation for CVE-2021-26855, a vulnerability that leads to remote code execution attacks.
The tool easily works on existing Exchange servers and includes Microsoft Safety Scanner.
Microsoft already released an