Update 11/8/2022: We have now released November 2022 Security Updates for Exchange Server. Please install those (or newer) updates to address vulnerabilities mentioned in this post. Mitigations are n...
Updated Nov 08, 2022
Version 17.0
Blog Post
2 MIN READ
Customer Guidance for Reported Zero-day Vulnerabilities in Microsoft Exchange Server
Agreed, Nino_Bilic,
I truly do not believe that trying to make something perfect before publishing is the right thing to do as it never will be perfect.
Don't let perfect be the enemy of good.
Initially, the RegEx pattern provided likely prevented some initial access attempts and only later was discovered to be too specific, so it changed.
Initially, the "How to block" action was defaulted to 403 Forbidden which definitely prevented access, changing it to "Abort Request" is probably the better option, but BOTH equally prevented access.
Both pieces of initial guidance were still beneficial AND I would much prefer to learn about them days sooner than the corrected guidance. This necessarily means there will be changes which promulgated the now-implemented change log.
Re: Remote PowerShell via 443. Thank you for that clarification. Port blocking is NOT an effective mitigation. Remote PowerShell access should be disabled for all users unless they have a specific need.
Thank you.