There are a series of defects in the independent installation of Microsoft Exchange server, which leads to a large-scale network security incident. Hundreds of thousands of exchange server installations have been hacked by hafnium.Krebson security reports that a large number of small businesses, towns, cities and local governments have been infected, and hackers have stolen data and left a webshell for further command and control.
In order to help potential victims judge and solve problems quickly, Microsoft today released new tools and guidelines to help server administrators detect and mitigate threats.
Microsoft has also released an emergency alternative mitigation guide for administrators who are unable to apply the built-in independent update released by Microsoft on March 2. However, applying patches is still the most effective preventive measure. If your server is infected, comprehensive remediation will be a bigger job.