The_Exchange_Team, the HealthChecker.ps1 script seems to be buggy. The mitigation has been applied; I can see two rewrite rules: "EEMS M1.1 PowerShell - inbound" and "PowerShell - inbound". However, the script is still reporting CVE-2022-41040 as not being mitigated. Script version: 22.10.28.0217
The rewrite rules are applied on the "Default Web Site" and inherited by the virtual directories/applications. I can see the rewrite rules in the Default Web Site's web.config file; however, they are absent from the applications' web.config files.
When I analyse the content of the $SecurityObject object passed to the Invoke-AnalyzerSecurityCve-2022-41040 function, the path to the web.config file of the Default Web Site isn't listed, which results in an empty $iisRewriteRules collection. As a result the CVE test is marked as FAILED.
I altered the script to Export-Clixml the content of $SecurityObject, which I then Import-Clixml'd into $aa for analysis. I would have uploaded a screenshot but I cannot embed a local file. Here is a console content copy/paste instead:
[PS] C:\Temp\WFL>$aa.ExchangeInformation.IISSettings.IISConfigurationSettings
Location Content
-------- -------
web.config
D:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy\SharedWebConfig.config {<configuration>, <runtime>, <assemblyBinding xmlns="urn:schemas-microsoft-c...
D:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy\owa\web.config {<?xml version="1.0" encoding="UTF-8"?>, <!--, For more information on how to co...
D:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy\ecp\web.config {<?xml version="1.0" encoding="UTF-8"?>, <!--, For more information on how to co...
D:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy\Rest\web.config {<?xml version="1.0" encoding="UTF-8"?>, <!--, For more information on how to co...
D:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy\Autodiscover\web.config {<?xml version="1.0" encoding="UTF-8"?>, <!--, For more information on how to co...
D:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy\sync\web.config {<?xml version="1.0" encoding="UTF-8"?>, <!--, For more information on how to co...
D:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy\OAB\web.config {<?xml version="1.0" encoding="UTF-8"?>, <!--, For more information on how to co...
D:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy\PowerShell\web.config {<?xml version="1.0" encoding="UTF-8"?>, <!--, For more information on how to co...
D:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy\mapi\web.config {<?xml version="1.0" encoding="UTF-8"?>, <configuration>, <appSettings>, <ad...
D:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy\rpc\web.config {<?xml version="1.0" encoding="UTF-8"?>, <configuration>, <appSettings>, <ad...
D:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy\EWS\web.config {<?xml version="1.0" encoding="UTF-8"?>, <!--, For more information on how to co...
D:\Program Files\Microsoft\Exchange Server\V15\ClientAccess\SharedWebConfig.config {<configuration>, <runtime>, <assemblyBinding xmlns="urn:schemas-microsoft-c...
D:\Program Files\Microsoft\Exchange Server\V15\ClientAccess\PowerShell-Proxy\web.config {<?xml version="1.0" encoding="UTF-8"?>, <configuration>, <appSettings>, <ad...
D:\Program Files\Microsoft\Exchange Server\V15\ClientAccess\mapi\emsmdb\web.config {<?xml version="1.0" encoding="UTF-8"?>, <configuration>, <appSettings>, <ad...
D:\Program Files\Microsoft\Exchange Server\V15\ClientAccess\mapi\nspi\web.config {<?xml version="1.0" encoding="UTF-8"?>, <configuration>, <appSettings>, <ad...
D:\Program Files\Microsoft\Exchange Server\V15\ClientAccess\rest\web.config {<?xml version="1.0" encoding="utf-8"?>, <!-- Note: As an alternative to hand edit...
D:\Program Files\Microsoft\Exchange Server\V15\ClientAccess\owa\web.config {<?xml version="1.0" encoding="utf-8"?>, <configuration>, <system.diagnostics>, ...
D:\Program Files\Microsoft\Exchange Server\V15\ClientAccess\OAB\web.config {<?xml version="1.0"?>, <configuration>, <appSettings>, <!-- Specifies the t...
D:\Program Files\Microsoft\Exchange Server\V15\ClientAccess\ecp\web.config {<?xml version="1.0"?>, <configuration>, <!-- , Configuration section for ...
D:\Program Files\Microsoft\Exchange Server\V15\ClientAccess\Autodiscover\web.config {<?xml version="1.0" encoding="UTF-8"?>, <configuration>, <configSections>, ...
D:\Program Files\Microsoft\Exchange Server\V15\ClientAccess\sync\web.config {<?xml version="1.0" encoding="utf-8"?>, <configuration>, <configSections>, ...
D:\Program Files\Microsoft\Exchange Server\V15\ClientAccess\exchweb\EWS\web.config {<?xml version="1.0" encoding="utf-8"?>, <!-- Note: As an alternative to hand edit...
D:\Program Files\Microsoft\Exchange Server\V15\ClientAccess\exchweb\EWS\bin\web.config
C:\Windows\System32\RpcProxy\web.config {<?xml version="1.0"?>, <configuration>, <appSettings>, <add key="LiveIdBasi...
D:\Program Files\Microsoft\Exchange Server\V15\ClientAccess\PushNotifications\web.config {<?xml version="1.0" encoding="utf-8"?>, <configuration>, <appSettings>, <ad...
Please check and let me know.
Thanks,
Zoltan
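
The situation described in the post above, as an added example that is not part of the original post or of HealthChecker.ps1: a rule-name check run over Location/Content entries finds nothing when the site-level web.config holding the inherited rules is missing from the collection. The function names, the `X:\` paths, the minimal rule bodies and the match-by-name logic are assumptions; the sample configs are constructed.

```powershell
# Constructed sample configs; paths and rule bodies are placeholders, not real server data.
$siteRoot = @'
<configuration><system.webServer><rewrite><rules>
  <rule name="EEMS M1.1 PowerShell - inbound"><match url=".*" /></rule>
  <rule name="PowerShell - inbound"><match url=".*" /></rule>
</rules></rewrite></system.webServer></configuration>
'@
$appConfig = '<configuration><appSettings /></configuration>'

# Hypothetical helper: list rewrite rules found in a set of Location/Content entries.
function Get-RewriteRuleFromEntries {
    param([object[]]$Entries)
    foreach ($entry in $Entries) {
        # Content appears as an array of lines in the paste; join it before parsing.
        $text = $entry.Content -join "`n"
        if ([string]::IsNullOrWhiteSpace($text)) { continue }   # row with no content
        $xml = [xml]$text
        foreach ($rule in $xml.SelectNodes('//system.webServer/rewrite/rules/rule')) {
            [pscustomobject]@{ Location = $entry.Location; Name = $rule.GetAttribute('name') }
        }
    }
}

# Hypothetical check: treat the mitigation as present if any expected rule name is found.
function Test-RuleNamePresent {
    param([object[]]$Entries, [string[]]$ExpectedNames)
    $found = @(Get-RewriteRuleFromEntries -Entries $Entries |
        Where-Object { $ExpectedNames -contains $_.Name })
    [pscustomobject]@{ Mitigated = ($found.Count -gt 0); Rules = $found }
}

$expected = 'EEMS M1.1 PowerShell - inbound', 'PowerShell - inbound'

# Application-level configs only, including a row with empty Content as in the paste.
$collected = @(
    [pscustomobject]@{ Location = 'web.config'; Content = $null }
    [pscustomobject]@{ Location = 'X:\App\PowerShell\web.config'; Content = $appConfig }
)
# Same collection with the site-level web.config added.
$withSiteRoot = $collected + [pscustomobject]@{ Location = 'X:\SiteRoot\web.config'; Content = $siteRoot }

# Compare the two results: only the second collection contains the inherited rules.
(Test-RuleNamePresent -Entries $collected -ExpectedNames $expected).Mitigated
$result = Test-RuleNamePresent -Entries $withSiteRoot -ExpectedNames $expected
$result.Mitigated
$result.Rules | Format-Table Location, Name
```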