Forum Discussion
Suspicious events
Exchange 2016 fully patched. Saw a few errors in Application log. Source: MSExchange Front End HTTP Proxy [Owa] An internal server error occurred. The unhandled exception was: System.ArgumentEx...
We just received an email from our ISP that they have detected activity suggesting our OWA was compromised. Not 100% sure but this may be evidence of exploitation. Investigating currently
I have a case open with Microsoft about this but I still have not heard anything from them. As of this morning I have completely disabled external access to OWA until we can get some answers as to what is really going on.
- is there any udpate regarding this case?
- Unfortunately no. I never heard back from Microsoft at all after opening a case, which isn't the greatest feeling. From what I can tell, and have researched myself, these error logs do appear to be related to the Exchange exploit, but whether or not it means you have been breached I don't know. I have ran all of Microsoft's scripts to search for any indication of compromise, which all came back clean on my server, so even though I was seeing these errors it doesn't appear that I have been compromised. I did restrict OWA to only my internal subnet temporarily until there is more information from Microsoft.
- ok.. pls update if you get any additional info, thanks
