Wednesday, December 4, 2024

Exchange zero-day: Microsoft improves workaround again

Date:

Exchange administrators can’t rest: After an initial workaround for an actively targeted zero-day vulnerability in Exchange failed to protect properly and Microsoft released an updated set of rules, the vendor once again released an updated rule. Microsoft advises administrators to delete the previously created rule and use a new one.

In the Updated Microsoft Countermeasure Guide the company explains that the new request blocking rule that will be created for automatic detection is the character string .*autodiscover\.json.*Powershell.* will receive. Admins need to select “Regular Expression” under “Usage” and “Cancel Request” for “How to Block”. What’s new now is to select the newly created rule and click “Edit” under “Conditions”. In the “Input Condition” field, administrators must enter the character string {URL} in {UrlDecode:{REQUEST_URI}} change.

To better protect against vulnerability attacks, IT administrators should also disable remote access to PowerShell for non-administrators. In the update, Microsoft makes it very clear that administrators must implement both measures, i.e. create the rule and revoke remote access to PowerShell.

For Exchange installations where administrators have enabled Exchange Emergency Mitigation Service (EEMS), Microsoft has now redistributed the updated rule. Administrators do not have to take action here. Without this service, administrators can use the also ported EOMTv2 script with version number 22.10.05.2304 to automatically enter the rule or create the rule completely manually.

Hopefully the current set of rules will work against active attacks without further change and that Microsoft may soon provide a software update that properly closes the security gaps.

also read



(DMK)

to the home page

Ebenezer Robbins
Ebenezer Robbins
Introvert. Beer guru. Communicator. Travel fanatic. Web advocate. Certified alcohol geek. Tv buff. Subtly charming internet aficionado.

Share post:

Popular

More like this
Related

Practice Acrylic Nail Techniques Without Needing a Fake Hand

When you're starting your journey with acrylic nails, practice...

Inside the World of Common Snapping Turtles: Behavior and Habitat

The common snapping turtle (Chelydra serpentina) is one of...

How to Use Video Marketing to Promote B2C Products?

Video marketing has emerged as a powerful tool for...

Adapting to Change: The Future for Leopard Tortoise Environments

Leopard tortoises, known for their striking spotted shells and...