![]() ![]() ![]() Microsoft has published a script (Test-ProxyLogon.ps1) on GitHub that can be used to check your Exchange servers if they are compromised. Mitigation rules are an IIS Re-Write Rule, disabling UM services and disable OAB en ECP Application Pool. These mitigation rules are temporary though and should only be used until the Exchange servers are fully patched. Microsoft also posted a number of mitigation rules on the Microsoft Security Response Center Blog.Similar to the previous bullet, Exchange hybrid servers should not be publicly available, only Exchange Online must be able to access the Exchange on-premises servers.This works well from a security perspective. I have two customers that have their Exchange servers available only via a VPN connection. Exchange server that are not available on the Internet are much less vulnerable (ok, this is an open door, I know).There are some mitigation rules available though: If you have an older version of Exchange running you have to bring it to the latest Cumulative Update first and then deploy the Security Update. Unfortunately this patch is only available for recent versions of Exchange 2019 and Exchange 2016 and the last version of Exchange 2013. Last week Microsoft discovered a zero-day vulnerability for Exchange (which was initially detected by security companies last January) and an urgent patch was released.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |