CVE-2021-26855 解释

我于 3/3 打了补丁

这看起来就像我们被探测了，但没有被攻陷，有人能确认一下吗？我不确定如何解释这一点。

运行 Test-Hafnium.ps1

CVE-2021-26855.log 的内容

#TYPE Selected.System.Management.Automation.PSCustomObject
"DateTime","AnchorMailbox"
"2021-03-02T09:50:56.279Z","ServerInfo~a]@Exchange001.contoso.com:444/autodiscover/autodiscover.xml?#"

编辑：扫描发现以下条目

2021-03-02T09:50:56.279Z,5f083d36-1b8a-489b-9bdc-e3859dea08f4,15,1,2106,2,,Ecp,207.207.49.16,/ecp/y.js,,FBA,false,,,ServerInfo~a]@Exchange001.contoso.com:444/autodiscover/autodiscover.xml?#,ExchangeServicesClient/0.0.0.0,157.230.221.198,EXCHANGE001,200,200,,POST,Proxy,exchange001.contoso.com,15.00.0001.000,IntraForest,X-BEResource-Cookie,,,,347,362,,,0,0,,0,,0,,0,0,,0,295,0,0,17,0,274,0,0,0,1,0,294,1,274,4,21,21,295,,,,BeginRequest=2021-03-02T09:50:55.983Z;CorrelationID=<empty>;ProxyState-Run=None;FEAuth=BEVersion-1941962753;NewConnection=::1&0;BeginGetRequestStream=2021-03-02T09:50:55.983Z;OnRequestStreamReady=2021-03-02T09:50:55.998Z;BeginGetResponse=2021-03-02T09:50:55.998Z;OnResponseReady=2021-03-02T09:50:56.279Z;EndGetResponse=2021-03-02T09:50:56.279Z;ProxyState-Complete=ProxyResponseData;SharedCacheGuard=0;EndRequest=2021-03-02T09:50:56.279Z;,,,,,,CafeV1

在以下文件中

"\\exchange001.contoso.com\C$\Program Files\Microsoft\Exchange Server\V15\Logging\HttpProxy\Ecp\HttpProxy_2021030209-1.LOG"

我没有找到任何条目[电子邮件保护]在任何日志文件中