Exchange Team Blog

You Had Me at EHLO..


Latest Comments

@David_Richard I am working on removing PS access for non-admin accounts now. Thanks for the suggestion. @ninobilic I added the firewall rule on 09/30 and I have not experienced any Exchange related issues. Yes, I understand blocking those ports does not prevent exploitation. Thank you.
@ceantuco Well, truth is - they will not do any damage; I am not immediately aware of anything (Exchange related) that would use those ports, so you could leave them blocked. The main thing is to realize that this was not an effective mitigation for CVE-2022-41082.
@ceantuco Yes, remove it. But did you disable remote PowerShell access for nonadmin users/service accounts? An excellent way is to create a security group and add the admin accounts/service accounts to that group and run the DisableRemotePS.ps1, which you can find here: https://www.alitajran.com/0-da...
@Greg Taylor - EXCHANGE shame on me! For me this blog was very up-to-date because I only noticed the day and month - the year I have really overlooked. Thank you for your quick answer and the link!
I removed and re-added the rule with the latest recommendations from MS. Since port 443 is used for the attack, should I remove the Windows Firewall rule I created blocking ports 5985-5986? Please advise. Thank you!