HealthChecker
CSS-Exchange
HealthChecker | CSS-Exchange
---|---
20 | 98
315 | 1,194
- | 0.4%
8.8 | 0.0
almost 3 years ago | 5 days ago
PowerShell | PowerShell
MIT License | MIT License
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
HealthChecker
- Exchange 2019 still requires obsolete UCM4 installation
  Exchange 2016 / Exchange 2019 wrong recommendations on Unified Communications Managed API - Microsoft Q&A
  [New Check] Check installed UCMA version · Issue #538 · dpaulson45/HealthChecker (github.com)
  HealthChecker - [New Check] Check installed UCMA version · Issue #535 · microsoft/CSS-Exchange (github.com)
- Get-Hotfix not working for Exchange patches?
  Microsoft’s Exchange healthchecker.ps1 script also checks for, and displays, installed patches: https://github.com/dpaulson45/HealthChecker
- Critical Exchange CVEs for April 2021 are here, are you ready for another round?
  Version 3.3.8 of the Exchange Health Checker. Post-update on Ex2013 seems to work correctly, but bombs out on pre-update Ex2016 for me without any obvious reason why in the logs. Oh well.
- Credential Guard on Exchange Server
- Question About Zero-Day Exchange Patch
  The healthchecker script will let you know which vulnerabilities are present; https://github.com/dpaulson45/HealthChecker
- Active Directory and Snapshots
  Run the HealthChecker.ps1 from https://github.com/dpaulson45/HealthChecker
- How Does Exchange Exploit Affect Hybrid Environments?
  Run through this post https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/ and this health check https://github.com/dpaulson45/HealthChecker#download
- How to tell if my managed exchange server has been updated after the hafnium attack
  Use the HealthChecker.ps1 script.
- Finding IOC in Exchange
  First, I ran the Exchange Health Check script which confirms that the hot fix and CU have been applied to the server.
- Exchange 2016 not work after update from CU3 to CU19
CSS-Exchange
- Has anyone ran the CVE-2023-23397 script against a large environment?
- CVE-2023-23397
  The MaxServicePointIdleTime property I changed because of what I saw suggested here: https://github.com/microsoft/CSS-Exchange/issues/1581.
- CVE-2023-23397 - Critical Elevation of Privilege zero-day in Microsoft Outlook, severity 9.8
  This is actively exploited, patch immediately. Microsoft also provided a script that checks Exchange items for malicious messaging items: https://github.com/microsoft/CSS-Exchange/blob/a4c096e8b6e6eddeba2f42910f165681ed64adf7/docs/Security/CVE-2023-23397.md
- // SITUATIONAL AWARENESS // Hunting Microsoft Word NTLM Relay Vulnerability CVE-2023-23397
  Microsoft has released a PowerShell script that can be run on Exchange infrastructure to scan email files for malicious UNC paths, however, patching is the preferred mitigation strategy.
- Exchange 0day exploit in wild
  I would expect that installing the URL Rewrite 2 module shouldn't cause any problems -- E2013 as such doesn't care about it. In fact, Microsoft's own EOMT script for the Hafnium mitigations suggests installing it. It'll likely require a reboot, though, or at the very least an IIS restart.
- Health checker reports unsigned IIS modules (Exchange 2013 CU23)
  Yep, the August security update and OS updates were installed on all four nodes. But the order in which they were installed may have been different... I don't recall. Someone just posted above that this is a known problem with Windows 2012/R2: https://github.com/microsoft/CSS-Exchange/pull/1166
- Critical privileged elevation patch incoming next week.
- Exchange Admin?
- May 2022 Security Update - detection
  Which is the latest I can find on Github. This server is running Exchange 2019 CU 11. It has the March updates (KB5012698), but not the May one (KB5014261). You can also verify from the build number it's not up to date. There are no vulnerabilities reported and the only thing in "red" is that TCP keepalive warning.
- Exchange 2019 still requires obsolete UCM4 installation
  https://github.com/microsoft/CSS-Exchange/issues/535 Even the maintainer David Paulson of the ExchangeHealthcheck script opened an issue on this matter, only waiting on feedback of the Exchange Team.
What are some alternatives?
Automate-Powershell
New-KrbtgtKeys.ps1 - This script will enable you to reset the krbtgt account password and related keys while minimizing the likelihood of Kerberos authentication issues being caused by the operation.
Mitigating-Web-Shells - Guidance for mitigation web shells. #nsacyber
GadgetToJScript - A tool for generating .NET serialized gadgets that can trigger .NET assembly load/execution when deserialized using BinaryFormatter from JS/VBS/VBA based scripts.
exchange_webshell_detection - Detect webshells dropped on Microsoft Exchange servers exploited through "proxylogon" group of vulnerabilities (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065)
Metasploit - Metasploit Framework
badExchangePews
Cyber-Defence - Information released publicly by NCC Group's Cyber Incident Response Team
scanning
IISBackdoorDetect - Detects IIS modules such as IIS-RAID
postfix - Postfix MTA by Wietse Venema