Forum Discussion
Suspicious events
Exchange 2016 fully patched. Saw a few errors in Application log. Source: MSExchange Front End HTTP Proxy [Owa] An internal server error occurred. The unhandled exception was: System.ArgumentEx...
I have a case open with Microsoft about this but I still have not heard anything from them. As of this morning I have completely disabled external access to OWA until we can get some answers as to what is really going on.
is there any udpate regarding this case?
- Unfortunately no. I never heard back from Microsoft at all after opening a case, which isn't the greatest feeling. From what I can tell, and have researched myself, these error logs do appear to be related to the Exchange exploit, but whether or not it means you have been breached I don't know. I have ran all of Microsoft's scripts to search for any indication of compromise, which all came back clean on my server, so even though I was seeing these errors it doesn't appear that I have been compromised. I did restrict OWA to only my internal subnet temporarily until there is more information from Microsoft.
- ok.. pls update if you get any additional info, thanks
- Same here, our ISP told us they detected activity suggesting compromise yet we have been testing at least weekly with defender scans and have nothing. All mitigations applied and no evidence has been found of exploitation on our end.
- good that you are'nt finding any threats. hope you've ran the testproxylogon.ps1 script released by microsoft.
