New Mitigation for Microsoft Exchange Zero Day Vulnerability

Published On: October 6, 2022
Categories: Cyber Alerts

In today’s SensCy Cyber Alert, your SensCy team urges Microsoft Exchange Server users to review the new remediation tips for two zero-day vulnerabilities. The vulnerabilities are tracked by the National Institute of Standards and Technology as CVE-2022-41040 and CVE-2022-41082. Based on reports of in-the-wild exploitation, the vulnerabilities impact Exchange Server 2013, 2016, and 2019.

Microsoft workaround:

Microsoft recommends that users add a blocking rule in IIS Manager as a temporary workaround.

Here is how to add the blocking rule:

  • Microsoft has since revised the URL Rewrite rule (also available as a standalone PowerShell script) to take this into account –
  • Open IIS Manager
  • Select Default Web Site
  • In the Feature View, click URL Rewrite
  • In the Actions pane on the right-hand side, click Add Rule(s)…
  • Select Request Blocking and click OK
  • Add the string “.*autodiscover\.json.*Powershell.*” (excluding quotes)
  • Select Regular Expression under Using
  • Select Abort Request under How to block and then click OK
  • Expand the rule and select the rule with the pattern: .*autodiscover\.json.*Powershell.* and click Edit under Conditions
  • Change the Condition input from {URL} to {REQUEST_URI}

Please reach out to SensCy for any additional questions or concerns.
