Update: If you clicked on the links that go over how to test if you have been impacted and thought to yourself “None of this is PowerShell”. You would be right, I apologize, there is now a PowerShell solution so let’s link those here and, I don’t know….here?
Microsoft Exchange has multiple zero-day exploits right now. There are Remote code executions, Server-Side Request Forgeries, and Post-Authentication Arbitrary File Writes. Any one of these should send you to patch your Exchange immediately.
Below is a list of the CVE’s that need to be patched. The patch is already available, so you might want to jump onto this as soon as possible.
These have already been exploited by a group called HAFNIUM, so knowing it is already out in the wild elevates the risk. If you want to dive into patching your exchange, check here. If you would like to read up on how the attack works and check if you are a victim of it, read here and here.
I can hear you, though. Ah, man! I don’t want to download and update these manually; there has to be a better way! I have some excellent news for you. PDQ Deploy and PDQ Inventory Can help you patch your exchange systems. In no time, we have a scanner that will let you know the last time your system patched or if you have an update pending. If you are looking to skip the information and get right to the installation, the following PowerShell should work for you.
This does require the pswindowsupdate module to work. Reading this should help you get that done.
Jordan had spent his life wondering why tasks he didn’t like to do had no options to complete themselves. Eventually he had to make that happen on his own. It turned out that he enjoyed making tasks complete themselves, and PDQ thought that is something he should talk about on the internet while drinking most Thursdays on the PDQ webcast.