
Microsoft Issues Improved Mitigations for Unpatched Exchange Server Vulnerabilities

October 8, 2022

Microsoft on Friday disclosed it has made further improvements to the mitigation method offered as a means to prevent exploitation attempts against the newly disclosed unpatched security flaws in Exchange Server.

To that end, the tech giant has revised the blocking rule in IIS Manager from “.*autodiscover.json.*Powershell.*” to “(?=.*autodiscover.json)(?=.*powershell)”.


The list of updated steps to add the URL Rewrite rule is below:

  • Open IIS Manager
  • Select Default Web Site
  • In the Feature View, click URL Rewrite
  • In the Actions pane on the right-hand side, click Add Rule(s)…
  • Select Request Blocking and click OK
  • Add the string “(?=.*autodiscover.json)(?=.*powershell)” (excluding quotes)
  • Select Regular Expression under Using
  • Select Abort Request under How to block and then click OK
  • Expand the rule and select the rule with the pattern: (?=.*autodiscover.json)(?=.*powershell) and click Edit under Conditions
  • Change the Condition input from {URL} to {UrlDecode:{REQUEST_URI}} and then click OK
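
To confirm a server ended up with the revised rule, the Python sketch below (an added example, not code from Microsoft or the original article) audits URL Rewrite rules in a web.config fragment for the updated pattern, the {UrlDecode:{REQUEST_URI}} condition input and the Abort Request action, and approximates the rule's matching with Python's re module. The sample configuration, the rule names and the request URIs are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import unquote

UPDATED_PATTERN = "(?=.*autodiscover.json)(?=.*powershell)"
UPDATED_INPUT = "{UrlDecode:{REQUEST_URI}}"

# Constructed web.config fragment (rule names are hypothetical):
# "old" is the earlier rule, "half" stops before the last step, "new" is complete.
SAMPLE_CONFIG = """<configuration><system.webServer><rewrite><rules>
<rule name="old"><match url=".*" />
  <conditions><add input="{URL}" pattern=".*autodiscover.json.*Powershell.*" /></conditions>
  <action type="AbortRequest" /></rule>
<rule name="half"><match url=".*" />
  <conditions><add input="{URL}" pattern="(?=.*autodiscover.json)(?=.*powershell)" /></conditions>
  <action type="AbortRequest" /></rule>
<rule name="new"><match url=".*" />
  <conditions><add input="{UrlDecode:{REQUEST_URI}}" pattern="(?=.*autodiscover.json)(?=.*powershell)" /></conditions>
  <action type="AbortRequest" /></rule>
</rules></rewrite></system.webServer></configuration>"""

def audit_rules(config_xml):
    """Return {rule name: [findings]}; an empty list means the rule follows the updated steps."""
    report = {}
    for rule in ET.fromstring(config_xml).iter("rule"):
        findings = []
        action = rule.find("action")
        if action is None or action.get("type") != "AbortRequest":
            findings.append("action is not AbortRequest")
        conds = rule.findall("./conditions/add")
        # Inputs of the conditions that carry the updated pattern
        inputs = [c.get("input") for c in conds if c.get("pattern") == UPDATED_PATTERN]
        if not inputs:
            findings.append("pattern is not the updated one")
        elif UPDATED_INPUT not in inputs:
            findings.append("condition input is not " + UPDATED_INPUT)
        report[rule.get("name")] = findings
    return report

def rule_blocks(request_uri, pattern=UPDATED_PATTERN, url_decode=True):
    """Approximate the condition: optionally URL-decode, then case-insensitive search."""
    subject = unquote(request_uri) if url_decode else request_uri
    return re.search(pattern, subject, re.IGNORECASE) is not None
```

The two lookaheads make the match independent of the order in which the two terms appear, and decoding the request URI first means percent-encoded characters are compared in their decoded form.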

Alternatively, users can achieve the desired protections by executing a PowerShell-based Exchange On-premises Mitigation Tool (EOMTv2.ps1), which has also been updated to take into account the aforementioned URL pattern.


The actively-exploited issues, called ProxyNotShell (CVE-2022-41040 and CVE-2022-41082), are yet to be addressed by Microsoft, although with Patch Tuesday right around the corner, the wait may not be for long.

Successful weaponization of the flaws could enable an authenticated attacker to chain the two vulnerabilities to achieve remote code execution on the underlying server.

The tech giant, last week, acknowledged that the shortcomings may have been abused by a single state-sponsored threat actor since August 2022 in limited targeted attacks aimed at fewer than 10 organizations worldwide.



Some parts of this post are sourced from:
thehackernews.com
