Last Modified Date3/9/2021 12:21 AM
Microsoft published the following article that contains information about indicators of compromise related to CVE-2021-26855
This 24x7 Check will check for and fail if the IoC for CVE-2021-26855 are present on the Server.
This should not be considered a full validation that a system was not affected by CVE-2021-26855.
Due to the nature of the vulnerability sufficiently advanced threat actors will be able to remove these indicators and further forensic analysis of the server may be required.
Custom Service / Script Check
Windows Server 2012 / 2012R2;Windows Server 2016;Windows Server 2019
Compatible with N-Central
N-Central minimum version
Compatible with RMM
Only use for Exchange Servers. Check will always fail on systems not running Exchange.
Will output pass or fail conditions to More Information column of the check.
CVE-2021-26855 Exchange IOC proxylogon