Share via

Hafnium Question

Lyndon 1 Reputation point
2021-03-24T04:51:14.46+00:00

Hi Microsoft Community, may we ask for your help, we already patched our Servers and run the tools from MS and we are fully patched and no malicious files based on Microsoft Safety Scanner. But we can still saw some aspx files and .exe files dropped in our system in our exchange server. The executable files are being blocked by our endpoint protection. May we request for help on what would be our next step for this. Thank you!

Exchange | Exchange Server | Management
Exchange | Exchange Server | Management

The administration and maintenance of Microsoft Exchange Server to ensure secure, reliable, and efficient email and collaboration services across an organization.

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Andy David - MVP 160.3K Reputation points MVP Volunteer Moderator
    2021-03-24T11:44:03.203+00:00

    Remove those files?

    If you did a full scan and all the other checks pass, then the system is probably ok, but you will need to determine that.

    If you have any doubts about the server, rebuild it.

    Here is the official guidance:
    https://msrc-blog.microsoft.com/2021/03/16/guidance-for-responders-investigating-and-remediating-on-premises-exchange-server-vulnerabilities/

    Was this answer helpful?

    1 person found this answer helpful.
    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.