{"id":1235,"date":"2021-03-08T18:25:36","date_gmt":"2021-03-08T12:55:36","guid":{"rendered":"https:\/\/xiarch.com\/blog\/?p=1235"},"modified":"2021-06-07T11:02:24","modified_gmt":"2021-06-07T05:32:24","slug":"microsoft-launched-new-tools-that-checks-exchange-servers-for-proxylogon-hacks","status":"publish","type":"post","link":"https:\/\/xiarch.com\/blog\/microsoft-launched-new-tools-that-checks-exchange-servers-for-proxylogon-hacks\/","title":{"rendered":"Microsoft Launched New Tools that Checks Exchange Servers for ProxyLogon Hacks!"},"content":{"rendered":"\n<p><p style=\"text-align: justify\">Microsoft has released a new PowerShell script that checks whether Exchange servers have been hacked using the new ProxyLogon vulnerabilities.<\/p><\/p>\n\n\n\n<p><p style=\"text-align: justify\">On 2nd March, Microsoft announced another out-of-band emergency security update that fixed all 4 zero-day vulnerabilities being actively exploited in Microsoft Exchange. These vulnerabilities are identified as CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065.<\/p><\/p>\n\n\n\n<p><p style=\"text-align: justify\">ProxyLogon is a chain of these known vulnerabilities that allows hackers to achieve remote code execution on publicly exposed Microsoft Exchange servers that use Outlook Web Application.<\/p><\/p>\n\n\n\n<p><p style=\"text-align: justify\">During these attacks, the hackers installed web shells that allowed them to control the server and access the network. These attacks are linked to a Chinese hacking group named HAFNIUM.<\/p><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>How Does the Script Work?<\/strong><\/h2>\n\n\n\n<p><p style=\"text-align: justify\">When it disclosed these vulnerabilities, Microsoft provided a list of commands that administrators could use to check whether a server had been hacked. 
These commands have to be run manually and check for indicators of compromise (IOCs) in the Exchange HttpProxy logs, Exchange log files, and Windows Application event logs.<\/p><\/p>\n\n\n\n<p><p style=\"text-align: justify\">However, yesterday Microsoft also released a PowerShell script named <strong>Test-ProxyLogon.ps1<\/strong> on the Exchange support engineer\u2019s GitHub to automate these tasks for admins.<\/p><\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large\"><img decoding=\"async\" loading=\"lazy\" width=\"1024\" height=\"549\" src=\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/03\/microsoft-pathlogan-script-image-1024x549.jpg\" alt=\"Microsoft Launched New Tools that Checks Exchange Servers for ProxyLogon Hacks!\" class=\"wp-image-1236\" srcset=\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/03\/microsoft-pathlogan-script-image-1024x549.jpg 1024w, https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/03\/microsoft-pathlogan-script-image-300x161.jpg 300w, https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/03\/microsoft-pathlogan-script-image-768x411.jpg 768w, https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/03\/microsoft-pathlogan-script-image.jpg 1215w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure><\/div>\n\n\n\n<p><p style=\"text-align: justify\">Microsoft also provides instructions for using the script to check a single Microsoft Exchange server or all the servers in the organization.<\/p><\/p>\n\n\n\n<p><p style=\"text-align: justify\">To check all the Exchange servers and save the logs to the desktop, users have to run the following command in Exchange Management Shell:<\/p><\/p>\n\n\n\n<p><blockquote><p><strong>Get-ExchangeServer | .\\Test-ProxyLogon.ps1 -OutPath $home\\desktop\\logs<\/strong><\/p><\/blockquote><\/p>\n\n\n\n<p><p style=\"text-align: justify\">If users want to check only the local server and save the logs, then 
they need to run the following command:<\/p><\/p>\n\n\n\n<p><blockquote><p><strong>.\\Test-ProxyLogon.ps1 -OutPath $home\\desktop\\logs<\/strong><\/p><\/blockquote><\/p>\n\n\n\n<p><p style=\"text-align: justify\">If users want to test the local server and display the results without saving them, they have to run the command below:<\/p><\/p>\n\n\n\n<p><blockquote><p><strong>.\\Test-ProxyLogon.ps1<\/strong><\/p><\/blockquote><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Summing Up<\/strong><\/h2>\n\n\n\n<p><p style=\"text-align: justify\">The Cybersecurity and Infrastructure Security Agency (CISA) also recommends that all organizations use the script to check whether their servers have been compromised. CISA is aware of widespread domestic and international exploitation of these vulnerabilities and recommends that all organizations run the Test-ProxyLogon.ps1 script as soon as possible. With the help of this test, organizations can find out whether they are victims of these attacks.<\/p><\/p>\n\n\n\n<p><p style=\"text-align: justify\">More than 30,000 Exchange servers have been compromised, and all affected organizations need to check for and install the new Exchange security updates and make sure that they have not been infected by this attack.<\/p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Microsoft has released a new PowerShell script that checks whether Exchange servers have been hacked using the new ProxyLogon vulnerabilities. On 2nd March, Microsoft announced another out-of-band emergency security update that fixed all 4 zero-day vulnerabilities being actively exploited in Microsoft Exchange. These vulnerabilities are identified as CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065. 
ProxyLogon is chained of these [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":1237,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[15],"tags":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v20.11 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Microsoft Launched New Tools that Checks Exchange Servers for ProxyLogon Hacks! - Xiarch Solutions Private Limited<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/xiarch.com\/blog\/microsoft-launched-new-tools-that-checks-exchange-servers-for-proxylogon-hacks\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Microsoft Launched New Tools that Checks Exchange Servers for ProxyLogon Hacks! - Xiarch Solutions Private Limited\" \/>\n<meta property=\"og:description\" content=\"Microsoft launched another PowerShell script tool that can check the Exchange Servers is not hacked with new ProxyLogon malware. On 2nd March, Microsoft announced another out-of-band emergency security update and fixed all 4 zero-day vulnerabilities activated in Microsoft Exchange. These activated vulnerabilities are identified as CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065. 
ProxyLogon is chained of these [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/xiarch.com\/blog\/microsoft-launched-new-tools-that-checks-exchange-servers-for-proxylogon-hacks\/\" \/>\n<meta property=\"og:site_name\" content=\"Xiarch Solutions Private Limited\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/xiarch\/\" \/>\n<meta property=\"article:published_time\" content=\"2021-03-08T12:55:36+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-06-07T05:32:24+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/03\/microsoft-exchange-pathlogan-script-image.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1600\" \/>\n\t<meta property=\"og:image:height\" content=\"800\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Xiarch Security\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@xiarch\" \/>\n<meta name=\"twitter:site\" content=\"@xiarch\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Xiarch Security\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/xiarch.com\/blog\/microsoft-launched-new-tools-that-checks-exchange-servers-for-proxylogon-hacks\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/xiarch.com\/blog\/microsoft-launched-new-tools-that-checks-exchange-servers-for-proxylogon-hacks\/\"},\"author\":{\"name\":\"Xiarch Security\",\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/person\/655d814a04eacce56942270cfdc5c59c\"},\"headline\":\"Microsoft Launched New Tools that Checks Exchange Servers for ProxyLogon Hacks!\",\"datePublished\":\"2021-03-08T12:55:36+00:00\",\"dateModified\":\"2021-06-07T05:32:24+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/xiarch.com\/blog\/microsoft-launched-new-tools-that-checks-exchange-servers-for-proxylogon-hacks\/\"},\"wordCount\":426,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/xiarch.com\/blog\/#organization\"},\"articleSection\":[\"Infosec News\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/xiarch.com\/blog\/microsoft-launched-new-tools-that-checks-exchange-servers-for-proxylogon-hacks\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/xiarch.com\/blog\/microsoft-launched-new-tools-that-checks-exchange-servers-for-proxylogon-hacks\/\",\"url\":\"https:\/\/xiarch.com\/blog\/microsoft-launched-new-tools-that-checks-exchange-servers-for-proxylogon-hacks\/\",\"name\":\"Microsoft Launched New Tools that Checks Exchange Servers for ProxyLogon Hacks! 
- Xiarch Solutions Private Limited\",\"isPartOf\":{\"@id\":\"https:\/\/xiarch.com\/blog\/#website\"},\"datePublished\":\"2021-03-08T12:55:36+00:00\",\"dateModified\":\"2021-06-07T05:32:24+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/xiarch.com\/blog\/microsoft-launched-new-tools-that-checks-exchange-servers-for-proxylogon-hacks\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/xiarch.com\/blog\/microsoft-launched-new-tools-that-checks-exchange-servers-for-proxylogon-hacks\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/xiarch.com\/blog\/microsoft-launched-new-tools-that-checks-exchange-servers-for-proxylogon-hacks\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/xiarch.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Microsoft Launched New Tools that Checks Exchange Servers for ProxyLogon Hacks!\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/xiarch.com\/blog\/#website\",\"url\":\"https:\/\/xiarch.com\/blog\/\",\"name\":\"Xiarch Solutions Private Limited\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/xiarch.com\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/xiarch.com\/blog\/?s={search_term_string}\"},\"query-input\":\"required 
name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/xiarch.com\/blog\/#organization\",\"name\":\"Xiarch\",\"url\":\"https:\/\/xiarch.com\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/06\/xi-logo-002.png\",\"contentUrl\":\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/06\/xi-logo-002.png\",\"width\":300,\"height\":300,\"caption\":\"Xiarch\"},\"image\":{\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/xiarch\/\",\"https:\/\/twitter.com\/xiarch\",\"https:\/\/www.linkedin.com\/company\/xiarch\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/person\/655d814a04eacce56942270cfdc5c59c\",\"name\":\"Xiarch Security\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/d33699ed91b76568586dc1ae278ea568?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/d33699ed91b76568586dc1ae278ea568?s=96&d=mm&r=g\",\"caption\":\"Xiarch Security\"},\"sameAs\":[\"https:\/\/xiarch.com\/blog\/\"],\"url\":\"https:\/\/xiarch.com\/blog\/author\/vector\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","_links":{"self":[{"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/posts\/1235"}],"collection":[{"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/comments?post=1235"}],"version-history":[{"count":1,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/posts\/1235\/revisions"}],"predecessor-version":[{"id":1238,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/posts\/1235\/revisions\/1238"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/media\/1237"}],"wp:attachment":[{"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/media?parent=1235"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/categories?post=1235"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/tags?post=1235"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}