@Nino Bilic On a Windows 2019 Core installation, outside of running
Healthchecker, how do you confirm the installation of KB5000871 ? It
does not show up in the WAC or via the get-hotfix command.
We are seeing HTTP status code 241 in IIS logs taken from compromised
Exchange servers - is this something that anyone else has noticed or is
there someone at Microsoft who can collaborate this unusual code
appearing in logs?
@Nino Bilic Thanks Nino. I saw that and just ran it this morning. Came
back clean. So I feel based on the information we have up to this point
we were very lucky. Do you think it can be said with reasonable
confidence that if all you found were Autodiscover log entries and MSERT
did not find anythin...
@JamesTechnet - FYI, there is a new development that can help here (with
remediation): the MSTIC team has updated their post about March
vulnerabilities (scroll all the way down) to mention that the Microsoft
Safety Scanner - MSERT tool has been updated to scan Exchange server.
Latest Comments