• Microsoft email zero day

    What is it?  Microsoft is investigating targeted attacks on their on premises Email servers.  Attackers have found a way into servers that are already fully patched.

    If we have online email with Microsoft, are we at risk?  No.

    Is this disturbing that EVERY time there is a zero day in Microsoft on premises email servers, Microsoft can conveniently scramble and get their online servers patched and meanwhile those that purchase on premises software are stuck holding the bag.

    If you are an Exchange admin and need help, pile on here

    (note I am sending this out as a defcon text alert but not an email alert)

    Follow the guidance in the MSRC post to protect your on premise email servers:

    The current mitigation is to add a blocking rule in “IIS Manager -> Default Web Site -> URL Rewrite -> Actions” to block the known attack patterns


    If you don’t run Microsoft Exchange on premise, and don’t have Outlook Web App facing the internet, you are not impacted.