CVE-2021-26858 Detection

Summary

This monitor will look for endpoints that may be vulnerable to Windows CVE-2021-26858 (Microsoft Exchange Server Remote Code Execution Vulnerability).

Details

Suggested "Limit to": Exchange Servers
Suggested Alert Style: Once
Suggested Alert Template: ~Autofix - Run Exchange Zero-Day Patch

Insert the details of the monitor in the table below.

| Check Action | Server Address | Check Type | Check Value | Comparator | Interval | Result |
|---|---|---|---|---|---|---|
| System | 127.0.0.1 | Run File | Check Below | Missing | 3600 (1 hour) | N/A |

Check Value: C:/Windows/System32/WindowsPowerShell/v1.0/powershell.exe -ExecutionPolicy Bypass -Command "Get-ChildItem -Recurse -Path \"$env:PROGRAMFILES/Microsoft/Exchange Server/V15/Logging/OABGeneratorLog/*.log\" -ErrorAction SilentlyContinue"
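
An added example, not part of this monitor or its autofix script: the Check Value above enumerates the OABGenerator log files, and Microsoft's published guidance for CVE-2021-26858 is to search those same logs for the string "Download failed and temporary file". The PowerShell below performs that search and returns file, line number and text for each hit. The function name Find-OabDownloadIndicator and the sample log lines are constructed for illustration.

```powershell
# Added example (not the monitor's own Check Value).
# Assumption: the indicator string is the one Microsoft's guidance for
# CVE-2021-26858 says to search for in the OABGenerator logs.
function Find-OabDownloadIndicator {
    param(
        [string]$LogRoot = "$env:PROGRAMFILES\Microsoft\Exchange Server\V15\Logging\OABGeneratorLog"
    )
    # Folder absent: nothing to inspect on this endpoint.
    if (-not (Test-Path -LiteralPath $LogRoot)) { return @() }

    $logs = Get-ChildItem -LiteralPath $LogRoot -Filter '*.log' -Recurse -File -ErrorAction SilentlyContinue
    if (-not $logs) { return @() }

    # -SimpleMatch treats the indicator as literal text, not a regex.
    $logs | Select-String -SimpleMatch -Pattern 'Download failed and temporary file' |
        ForEach-Object {
            [pscustomobject]@{
                File = $_.Path
                Line = $_.LineNumber
                Text = $_.Line.Trim()
            }
        }
}

# Constructed sample logs so the function can be exercised off a production server.
$demo = Join-Path ([IO.Path]::GetTempPath()) ("oabdemo_" + [guid]::NewGuid().ToString('N'))
New-Item -ItemType Directory -Path $demo | Out-Null
Set-Content -Path (Join-Path $demo 'clean.log') -Value @(
    '2021-03-01T00:00:00Z,constructed sample,OAB generation completed'
)
Set-Content -Path (Join-Path $demo 'suspect.log') -Value @(
    '2021-03-01T00:05:00Z,constructed sample,OAB generation started',
    '2021-03-01T00:05:02Z,constructed sample,Download failed and temporary file <placeholder path>'
)

# Expect exactly one hit, in suspect.log on line 2.
$hits = @(Find-OabDownloadIndicator -LogRoot $demo)
$hits | Format-Table -AutoSize
Remove-Item -LiteralPath $demo -Recurse -Force

# Against the real log folder: one line per hit, no output when nothing matched.
@(Find-OabDownloadIndicator) | ForEach-Object { '{0}:{1}: {2}' -f $_.File, $_.Line, $_.Text }
```

A hit is a lead for investigation rather than proof of compromise; review the path named in each matching line against the server's expected OAB temporary directory.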

Dependencies

Exchange Zero Day Patch Logging

Target

Managed Exchange servers