Friday, March 29, 2024

Exchange zero-day: Microsoft improves workaround again

Exchange administrators can’t rest: an initial workaround for an actively attacked zero-day vulnerability in Exchange failed to protect properly, Microsoft then released an updated rule, and the vendor has now updated the rule once again. Microsoft advises administrators to delete the previously created rule and use the new one.

In its updated countermeasure guide, Microsoft explains that the new request blocking rule to be created for Autodiscover is to use the character string .*autodiscover\.json.*Powershell.* as its pattern. Admins need to select “Regular Expression” under “Usage” and “Cancel Request” for “How to Block”. What is new is the next step: select the newly created rule and click “Edit” under “Conditions”. In the “Input Condition” field, administrators must change the character string {URL} to {UrlDecode:{REQUEST_URI}}.
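The following added example (not part of the original article or of Microsoft's guide) evaluates the pattern above against the raw and the URL-decoded request URI and scans IIS W3C log lines for requests the rule would block. The log lines are constructed, and the function names, the case-insensitive matching and the way stem and query are joined are assumptions.

```python
import re
from urllib.parse import unquote

# Pattern from the article. Case-insensitive matching is an assumption
# (IIS URL Rewrite conditions ignore case by default).
RULE = re.compile(r".*autodiscover\.json.*Powershell.*", re.IGNORECASE)

def rule_matches(request_uri, url_decode=True):
    """Evaluate the condition against the raw or the URL-decoded request URI."""
    value = unquote(request_uri) if url_decode else request_uri
    return RULE.match(value) is not None

def scan_w3c_log(lines):
    """Yield (client_ip, uri, encoded_only) for requests the rule would block.

    encoded_only is True when the pattern matches only after decoding, i.e.
    the request would have passed a condition evaluated on the raw string.
    """
    fields = []
    for line in lines:
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if not line.strip() or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        uri = row.get("cs-uri-stem", "")
        query = row.get("cs-uri-query", "-")
        if query != "-":  # assumption: stem + "?" + query stands in for REQUEST_URI
            uri += "?" + query
        if rule_matches(uri):
            yield row.get("c-ip", "-"), uri, not rule_matches(uri, url_decode=False)

# Constructed sample log (not real traffic); addresses are documentation ranges.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2022-10-06 08:01:12 192.0.2.10 GET /owa/auth/logon.aspx - 200
2022-10-06 08:01:40 198.51.100.7 GET /autodiscover/autodiscover.json a=/Powershell 302
2022-10-06 08:02:03 198.51.100.7 GET /autodiscover/autodiscover.json a=/%50owershell 302
2022-10-06 08:02:30 192.0.2.11 POST /autodiscover/autodiscover.xml - 200
""".splitlines()

if __name__ == "__main__":
    for ip, uri, encoded_only in scan_w3c_log(SAMPLE_LOG):
        note = "matches only after URL decoding" if encoded_only else "matches raw"
        print(f"{ip}  {uri}  ({note})")
```

Entries flagged as matching only after URL decoding are the ones a condition evaluated on the undecoded string would have let through.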

To better protect against attacks on the vulnerability, IT administrators should also disable remote access to PowerShell for non-administrators. In the update, Microsoft makes it very clear that administrators must implement both measures, i.e. create the rule and revoke remote access to PowerShell.

For Exchange installations where administrators have enabled the Exchange Emergency Mitigation Service (EEMS), Microsoft has now redistributed the updated rule. Administrators do not have to take action here. Without this service, administrators can either use the EOMTv2 script, version number 22.10.05.2304, to enter the rule automatically, or create the rule entirely by hand.

Hopefully the current set of rules will hold up against active attacks without further changes, and Microsoft will soon provide a software update that properly closes the security gaps.

(DMK)

Ebenezer Robbins