ProxyLogon is the successful weaponization of the Exchange Server flaws, which attackers have leveraged to access Exchange Servers and to gain control of, and persistent system access to, enterprise networks.
The ProxyLogon mitigation software applies all the countermeasures necessary to secure vulnerable Exchange server environments against the ongoing widespread cyberattacks.
Reasons for the Widespread Attacks Against Unpatched Exchange Servers
Because the successful weaponization of the Exchange Server flaws allows attackers to gain persistent system access and control of enterprise networks, there have been widespread attacks against unpatched Exchange Servers.
With attacks on vulnerable Exchange Servers expanding rapidly, several threat actors are exploiting the vulnerabilities using proof-of-concept (PoC) code that was shared on GitHub before it was eventually deleted by Microsoft. With the new ransomware threat, unpatched Exchange Servers are at risk not only of data theft but also of having their data encrypted, which would prevent the organization from accessing it.
Microsoft believes the initial attacks originated from Hafnium, a state-sponsored hacker group operating out of China. The claims were tied to Hafnium activities, which include conducting reconnaissance of victim environments by deploying batch scripts that automate functions such as network discovery, account enumeration, and credential harvesting.
How to Use This One-Click Mitigation Tool to Prevent Exchange Attacks?
The Exchange On-premises Mitigation Tool (EOMT) is now available to mitigate current known Exchange attacks. With it, you can scan the Exchange Server using the Microsoft Safety Scanner to discover any deployed web shells and remediate the detected compromises.
However, the tool is designed to serve as an interim mitigation for customers who have yet to patch or update their software and apply the on-premises Exchange security update released by Microsoft.