Ethical Hacking News Hubb
Advertisement Banner
  • Home
  • News
  • Ethical Hackers
  • Contact
No Result
View All Result
  • Home
  • News
  • Ethical Hackers
  • Contact
No Result
View All Result
Wellnessnewshubb
No Result
View All Result
Home Ethical Hackers

Microsoft Issues Improved Mitigations for Unpatched Exchange Server Vulnerabilities

admin by admin
October 9, 2022
in Ethical Hackers


Microsoft on Friday disclosed it has made more improvements to the mitigation method offered as a means to prevent exploitation attempts against the newly disclosed unpatched security flaws in Exchange Server.

To that end, the tech giant has revised the blocking rule in IIS Manager from “.*autodiscover.json.*Powershell.*” to “(?=.*autodiscover.json)(?=.*powershell).”

CyberSecurity

The list of updated steps to add the URL Rewrite rule is below –

  • Open IIS Manager
  • Select Default Web Site
  • In the Feature View, click URL Rewrite
  • In the Actions pane on the right-hand side, click Add Rule(s)…
  • Select Request Blocking and click OK
  • Add the string “(?=.*autodiscover.json)(?=.*powershell)” (excluding quotes)
  • Select Regular Expression under Using
  • Select Abort Request under How to block and then click OK
  • Expand the rule and select the rule with the pattern: (?=.*autodiscover.json)(?=.*powershell) and click Edit under Conditions
  • Change the Condition input from {URL} to {UrlDecode:{REQUEST_URI}} and then click OK

Alternatively, users can achieve the desired protections by executing a PowerShell-based Exchange On-premises Mitigation Tool (EOMTv2.ps1), which has also been updated to take into account the aforementioned URL pattern.

CyberSecurity

The actively-exploited issues, called ProxyNotShell (CVE-2022-41040 and CVE-2022-41082), are yet to be addressed by Microsoft, although with Patch Tuesday right around the corner, the wait may not be for long.

Successful weaponization of the flaws could enable an authenticated attacker to chain the two vulnerabilities to achieve remote code execution on the underlying server.

The tech giant, last week, acknowledged that the shortcomings may have been abused by a single state-sponsored threat actor since August 2022 in limited targeted attacks aimed at less than 10 organizations worldwide.





Source link

Tags: computer securitycyber attackscyber newscyber security newscyber security news todaycyber security updatescyber updatesdata breachhacker newshacking newshow to hackinformation securitynetwork securityransomware malwaresoftware vulnerabilitythe hacker news
Previous Post

Parrot 5.1 – Security GNU/Linux Distribution Designed with Cloud Pentesting and IoT Security in Mind

Next Post

How to watch Fire Country Season 1 Online

Next Post

How to watch Fire Country Season 1 Online

Recommended

Tool To Dump And Perform Automatic And Manual Security Analysis On Aws Environments Configurations And Services

4 months ago

Over 4,500 WordPress Sites Hacked to Redirect Visitors to Sketchy Ad Pages

2 months ago

© 2022 Ethical Hacking News Hubb All rights reserved.

Use of these names, logos, and brands does not imply endorsement unless specified. By using this site, you agree to the Privacy Policy and Terms & Conditions.

Navigate Site

  • Home
  • News
  • Ethical Hackers
  • Contact

Newsletter Sign Up.

No Result
View All Result
  • Home
  • News
  • Ethical Hackers
  • Contact

© 2022 Ethical Hacking News Hubb All rights reserved.