Exchange zero-days are very common these days, and there is a freshly baked one today (30th September 2022 as of writing). If you want to know how the vulnerabilities work, take a look at the reference at the bottom. As a sysadmin, I care about securing my systems.
Here are a few steps to mitigate this zero day vulnerability:
In IIS Manager on the Exchange Server, select the Autodiscover virtual directory, open URL Rewrite, and add a new rule.


Select Request Blocking

Enter the string:
.*autodiscover\.json.*\@.*Powershell.*
Change the "Using" setting to Regular Expression.

Change URL to REQUEST_URI and save the changes.
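
Why the last step matters, as an added example that is not part of the original post: in URL Rewrite, URL holds only the path, while REQUEST_URI also includes the query string, so a request that carries the @ part in its query string is only caught when the condition input is REQUEST_URI. The sketch applies the pattern above to both inputs over a constructed log excerpt; Python's re module stands in for the IIS regex engine, and the log lines and helper names are assumptions made for illustration.

```python
import re

# Pattern copied from the rule above. IIS URL Rewrite patterns ignore case by
# default; Python's re engine stands in for the module's regex engine here.
BLOCK_PATTERN = re.compile(r".*autodiscover\.json.*\@.*Powershell.*", re.IGNORECASE)

# Constructed W3C-format IIS log excerpt (not real traffic).
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query sc-status
2022-09-30 10:00:01 GET /autodiscover/autodiscover.json a@b.example/powershell/ 200
2022-09-30 10:00:02 POST /Autodiscover/Autodiscover.xml - 200
2022-09-30 10:00:03 GET /autodiscover/autodiscover.json Email=user@contoso.example&Protocol=ActiveSync 200
2022-09-30 10:00:04 POST /powershell/ - 401
"""

def condition_inputs(stem, query):
    """Return the two candidate condition inputs for one request.

    URL is the path only; REQUEST_URI is the path plus the query string.
    """
    request_uri = stem if query in ("", "-") else f"{stem}?{query}"
    return {"URL": stem, "REQUEST_URI": request_uri}

def evaluate_log(log_text):
    """Yield (request_uri, blocked_with_URL, blocked_with_REQUEST_URI) per entry."""
    fields = []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column names declared by the log header
            continue
        if not line or line.startswith("#"):
            continue
        entry = dict(zip(fields, line.split()))
        inputs = condition_inputs(entry["cs-uri-stem"], entry["cs-uri-query"])
        yield (inputs["REQUEST_URI"],
               bool(BLOCK_PATTERN.match(inputs["URL"])),
               bool(BLOCK_PATTERN.match(inputs["REQUEST_URI"])))

if __name__ == "__main__":
    for uri, by_url, by_request_uri in evaluate_log(SAMPLE_LOG):
        print(f"URL={by_url!s:5} REQUEST_URI={by_request_uri!s:5} {uri}")
```

Run against your own IIS logs, the same function shows which past requests the rule would have blocked and confirms that ordinary Autodiscover and PowerShell endpoint requests are left alone.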

References: