question

Lyndon-8935 avatar image
0 Votes"
Lyndon-8935 asked KaelYao-MSFT commented

Hafnium Question

Hi Microsoft Community, may we ask for your help, we already patched our Servers and run the tools from MS and we are fully patched and no malicious files based on Microsoft Safety Scanner. But we can still saw some aspx files and .exe files dropped in our system in our exchange server. The executable files are being blocked by our endpoint protection. May we request for help on what would be our next step for this. Thank you!

office-exchange-server-itpro
· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi, @Lyndon-8935

Just checking in to see if above information was helpful. Please let us know if you would like further assistance.

0 Votes 0 ·

1 Answer

AndyDavid avatar image
1 Vote"
AndyDavid answered AndyDavid edited

Remove those files?

If you did a full scan and all the other checks pass, then the system is probably ok, but you will need to determine that.

If you have any doubts about the server, rebuild it.

Here is the official guidance:
https://msrc-blog.microsoft.com/2021/03/16/guidance-for-responders-investigating-and-remediating-on-premises-exchange-server-vulnerabilities/

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.