Exchange zero-day: Microsoft improves workaround again

After Microsoft's first workaround for an Exchange zero-day vulnerability proved ineffective and the company improved it, the manufacturer has now presented yet another correction.


Exchange administrators can’t rest: after an initial workaround for an actively attacked zero-day vulnerability in Exchange did not protect correctly and Microsoft published an updated set of rules, the manufacturer has once again presented an updated rule. Microsoft advises administrators to remove the previously created rule and use the new one.


In the updated Microsoft countermeasures guide, the company explains that the new request blocking rule to be created for Autodiscover should be given the string .*autodiscover\.json.*Powershell.* Administrators should select the “Regular Expression” option under “Using” and “Abort Request” for “How to block”. What is new is that administrators should then select the newly created rule and click on “Edit” under “Conditions”. In the “Condition Input” field, they should change the character string {URL} to {UrlDecode:{REQUEST_URI}}.
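To check what the decoded condition input changes, the following added example (not from Microsoft's guide or the EOMTv2 script) evaluates the article's pattern against constructed request URIs, once on the raw percent-encoded string and once after URL decoding. The function names and sample URIs are assumptions, and Python's unquote stands in for the IIS UrlDecode function.

```python
import re
from urllib.parse import unquote

# Pattern from the article. URL Rewrite conditions ignore case by default,
# which re.IGNORECASE mirrors here.
RULE = re.compile(r".*autodiscover\.json.*Powershell.*", re.IGNORECASE)


def condition_input(request_uri: str, decode: bool) -> str:
    """Return the string the rule's condition is evaluated against.

    decode=False models matching on the raw, still percent-encoded URI;
    decode=True models {UrlDecode:{REQUEST_URI}} with one pass of
    urllib's unquote (an approximation of the IIS function).
    """
    return unquote(request_uri) if decode else request_uri


def rule_blocks(request_uri: str, decode: bool = True) -> bool:
    """True if the request blocking rule would abort this request."""
    return RULE.match(condition_input(request_uri, decode)) is not None


def coverage_report(uris):
    """Map each URI to (blocked_without_decode, blocked_with_decode)."""
    return {u: (rule_blocks(u, False), rule_blocks(u, True)) for u in uris}


# Constructed request URIs for testing the rule, not taken from real traffic.
SAMPLES = [
    "/autodiscover/autodiscover.json?x=Powershell",        # plain
    "/autodiscover/autodiscover.json?x=Power%73hell",      # one letter encoded
    "/autodiscover/autodiscover%2Ejson?x=powershell",      # encoded dot
    "/autodiscover/autodiscover.json?Email=user@example.com",  # no Powershell
    "/owa/auth/logon.aspx",                                # unrelated path
]

if __name__ == "__main__":
    for uri, (raw, decoded) in coverage_report(SAMPLES).items():
        print(f"raw={raw!s:5} decoded={decoded!s:5} {uri}")
```

Rows where the two columns differ are requests that only the decoded condition input catches.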

To better protect against attacks on the vulnerability, IT managers should also disable remote PowerShell access for non-administrators. In the update, Microsoft makes it very clear that administrators should implement both measures, i.e. creating the rule and revoking remote PowerShell access.

For Exchange installations in which administrators have activated the Exchange Emergency Mitigation Service (EEMS), Microsoft has already distributed the updated rule again, so administrators do not have to take action there. Without this service, admins can either use the likewise updated EOMTv2 script with version number to enter the rule automatically, or create the rule entirely by hand.

It is to be hoped that the current set of rules will work against active attacks without further changes and that Microsoft will soon be able to provide a software update that correctly closes the security gaps.
