One-Click Microsoft Exchange On-Premises Mitigation Tool – March 2021
By Microsoft Team
March 16, 2021
We have been actively working with customers through our customer support teams, third-party hosters, and partner network to help them secure their environments and respond to associated threats from the recent Exchange Server on-premises attacks. Based on these engagements we realized that there was a need for a simple, easy to use, automated solution that would meet the needs of customers using both current and out-of-support versions of on-premises Exchange Server.
Microsoft has released a new, one-click mitigation tool, Microsoft Exchange On-Premises Mitigation Tool to help customers who do not have dedicated security or IT teams to apply these security updates. We have tested this tool across Exchange Server 2013, 2016, and 2019 deployments. This new tool is designed as an interim mitigation for customers who are unfamiliar with the patch/update process or who have not yet applied the on-premises Exchange security update.
downloading and running this tool, which includes the latest
customers will automatically mitigate CVE-2021-26855 on any
Exchange server on which it is deployed. This tool is not a
replacement for the Exchange security update but is the
fastest and easiest way to mitigate the highest risks to
internet-connected, on-premises Exchange Servers prior to
Once run, the Run EOMT.ps1 tool will perform three operations:
against current known attacks using CVE-2021-26855 using a
URL Rewrite configuration.
Before running the tool, you should understand:
For more technical information, examples, and guidance please review the GitHub documentation.
Microsoft is committed to helping customers and will continue to offer guidance and updates that can be found at https://aka.ms/exchangevulns.
MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED, OR STATUTORY, AS TO THE INFORMATION IN THIS GUIDANCE. The Exchange On-premises Mitigation Tool is available through the MIT License, as indicated in the GitHub Repository where it is offered.