Hi Everyone,
I have a Win2012R2 with Exchange 2013 CU23 installed,
Last March I was one of the lucky guys who got the HAFNIUM exploit. After patching and cleaning everything ran smoothly.
The last 2 days my Exchange is down. I noticed the server clock goes ahead 16 min every minute. I´ve tried to manually update the clock and on each min thick the clock goes 16 min ahead.
So far I´ve:
Installed every security patch I could find.
Look for any ScheduleTask that could be set
Stop IIS7 (maybe was something running on the Application Pool)
Run Microsoft Safety Scanner
Run Kaspersky offline scanner
and can´t get anywhere .....
My sixth sense tells me its Exhcange exploit of some kind (and my other servers SQL / DC are not affected) by I can't seen to find it.
I see an Event saying "Change Reason: An application or system component changed the time." but I can´t trace it to the source.
Any idea how can I trace this app or what might be changing the clock?
Many thanks