blog.icewolf.ch

Let's talk about IT!
posts - 2247, comments - 295, trackbacks - 0

My Links

Archives

Post Categories

icewolf

Exchange Server Zero-Day - Emergency Mitigation Service applied URL Rewrite

Hi All,

On 29. September Microsoft reported Zero-Day Vulnerabilities in Exchange Server and published the Advisory below.

Customer Guidance for Reported Zero-day Vulnerabilities in Microsoft Exchange Server

Customer Guidance for Reported Zero-day Vulnerabilities in Microsoft Exchange Server

I was wondering if the Exchange Server Emergency Mitigation Service kicked in. But until FR Evening 30 September there was just the default Rule

."C:\Program Files\Microsoft\Exchange Server\V15\scripts\Get-Mitigations.ps1"


When i checked today, a new Rule has been deployed

."C:\Program Files\Microsoft\Exchange Server\V15\scripts\Get-Mitigations.ps1"


You can see the Rule in the XML that is the base for the Mitigation Service



If you want to check the URL Rewrite here is how to do it

%systemroot%\system32\inetsrv\iis.msc





In my Opinion it took way to long until the Rule was published out to the Exchange Server Emergency Mitigation Service. Due to the fact, that there were seen such Attacs in the wild. Altough i appreciate the fact, that they are now available and help to Protect Customers from these Attacks.

For Systems that do not have the Exchange Server Emergency Mitigation Service Enabled or older Exchange Versions you can use the Script from Microsoft.

Exchange On-premises Mitigation Tool v2 (EOMTv2)

Regards
Andres Bohren


Print | posted on Saturday, October 1, 2022 8:53 AM | Filed Under [ Exchange ]

Powered by:
Powered By Subtext Powered By ASP.NET