Security Advisory: Mitigating the Risk of Microsoft Exchange Zero-Day ProxyLogon Vulnerabilities

Microsoft recently released several security updates for Microsoft Exchange Server to address vulnerabilities that sophisticated nation-state actors are exploiting to exfiltrate critical data from a variety of organizations. Reports suggest attackers have been targeting these vulnerabilities since January 27, and that between 30,000 and 60,000 organizations have been compromised through them.

Due to the unprecedented nature of the risk, CISA has published Emergency Directive 21-02 requiring federal agencies and commercial organizations to immediately apply the patches to affected systems.

Detect and Respond to Address the Risk

The Qualys Security Research team released new detections (QIDs) for these vulnerabilities on March 3, along with a technical blog post detailing the vulnerabilities and their impact, the new detections, the list of patches to deploy, and step-by-step instructions on how to use the Qualys Cloud Platform and apps to address the risk.

We recommend security teams take immediate action.

Free 60-Day Vulnerability Management, Detection & Response Service 

For the wider community of security professionals, Qualys is offering an integrated VMDR service free for 60 days to help organizations automate the process of addressing these vulnerabilities.

This new service will provide IT and security teams with:

Discovery of Microsoft Exchange Servers  

The first step is to identify the assets hosting Microsoft Exchange Server. Once the hosts are identified, they can be grouped together for easier management, and any new Exchange servers that spin up in your environment are included automatically.

Continuous Detection of Vulnerabilities

Continuously detect ProxyLogon vulnerabilities and automatically generate a correlated list of missing patches to deploy, based on the detections created by the Qualys Security Research team.

Automatic Deployment of Patches

Automatically deploy the required Microsoft patches remotely from the cloud, without using your VPN bandwidth.

Mitigating Controls

For Exchange environments that can’t be immediately patched, apply the interim mitigating controls recommended by Microsoft to reduce the risk, and assess the hardening posture of these controls.

Monitoring via Dashboards

Track ‘Exchange 0-day’ impacted hosts, their status, and their remediation in real time with the VMDR Dashboard.

Exchange Server 0-Day Dashboard

Webinar: Mitigate the Risk of ProxyLogon

The Qualys Security Research team is hosting a webinar on March 12 at 9am Pacific to discuss the vulnerabilities’ impact and showcase how to mitigate the risk. Register for the webinar.

Additional Resources