Warning on Extended Protection used with IP Filtering on vDir

Regular Visitor

Hello all,

 

When I run the HealthChecker script on our Exchange 2016 on-prem server, I get this warning:

 

Security Vulnerability: CVE-2022-24516, CVE-2022-21979, CVE-2022-21980, CVE-2022-24477, CVE-2022-30134
Extended Protection should be set to 'None' on the vDir where IP filtering is enabled
Extended Protection isn't configured as expected

 

Then for the Default Web Site-ECP dir, 'ConfigSupported' is False, 'IPFilterEnabled' is True.

 

We do have IP restrictions set on ECP, only allowing connections from authorized networks, so from what I understand we should disable (or roll back) Extended Protection for that dir.    However, we are able to still access ECP from our authorized networks, and the IP restrictions are working for it.

 

In this case, should we leave it as is, or, should we still disable EP for it?  

 

Thanks

 

 

 

 

 

2 Replies

@MauryKOR I have the same issue and would also be interested for correct settings.

IP Filters are recommended as well as Extended Protection, wy can't the be both enabled?

https://www.alitajran.com/disable-external-access-to-ecp-exchange/

 

This issue is discussed on several sites

https://github.com/microsoft/CSS-Exchange/issues/1260

 

 

It seems this issue is back. I'm running version Exchange Health Checker v22.11.07.2236 and these symptoms are back but claimed to have been resolved in v22.10.17.1713