• Microsoft email zero day

    #2484177

    What is it?  Microsoft is investigating targeted attacks on their on premises Email servers.  Attackers have found a way into servers that are already
    [See the full post at: Microsoft email zero day]

    Susan Bradley Patch Lady

    • #2484187

      I use Outlook.com and have noticed an increase in phishing mail lately.  I don’t use Outlook.com as my primary e-mail service.  The phishing e-mails are sometimes amusing. I find that they repeat the same message again and again.  Most use gmail.com.

      Mark

       

    • #2484215

      Is this disturbing that EVERY time there is a zero day in Microsoft on premises email servers, Microsoft can conveniently scramble and get their online servers patched and meanwhile those that purchase on premises software are stuck holding the bag.

      Would it be less disturbing if Microsoft didn’t patch their own servers immediately (while asking everyone else to do so)?

      Windows 11 Pro version 22H2 build 22621.898 + Microsoft 365/Edge

      • #2484231

        It’s disturbing that they can patch but yet can’t build a patch for external users.  Because clearly they are patching themselves quite quickly.

        Susan Bradley Patch Lady

        • #2484233

          Or perhaps they’ve deployed the mitigations available to everyone?

          Windows 11 Pro version 22H2 build 22621.898 + Microsoft 365/Edge

          • #2484244

            Then they can be a bit more proactive and include these mitigations in the tool that they supposedly wrote to help protect for these zero days.  Currently it doesn’t help to protect servers for this issue.

            Susan Bradley Patch Lady

            2 users thanked author for this post.
    • #2484426

      include these mitigations in the tool that they supposedly wrote to help protect for these zero days

      Good news. They have as of October first. For those who have installed Exchange Server Emergency Mitigation and enabled it, the fix is applied automatically. It won’t hurt to check if it actually did; see the topic Controlling automatic mitigation in your environment.

      As you say, it does make you wonder how MS patches its own Exchange servers, assuming they run Exchange for their MS 365 solutions.

      1 user thanked author for this post.
      • #2484446

        September 30, 2022 updates:

        Added link to Microsoft Security blog in Summary.

        Microsoft released the Exchange Server Emergency Mitigation Service (EMS) mitigation for this issue.

        Microsoft created a script for the URL Rewrite mitigation steps and modified step 6 in the Mitigations section.

        Mitigations

        Option 1: For customers who have the Exchange Server Emergency Mitigation Service (EMS) enabled, Microsoft released the URL Rewrite mitigation for Exchange Server 2016 and Exchange Server 2019. The mitigation will be enabled automatically. Please see this blog post for more information on this service and how to check active mitigations.

        Option 2: Microsoft created the following script for the URL Rewrite mitigation steps. https://aka.ms/EOMTv2

        Option 3: Customers can follow the below instructions, which are currently being discussed publicly and are successful in breaking current attack chains.

        Customer Guidance for Reported Zero-day Vulnerabilities in Microsoft Exchange Server

        Windows 11 Pro version 22H2 build 22621.898 + Microsoft 365/Edge

      • #2484458

        It’s forked from the premises based Exchange.  Not quite the same code.

        Susan Bradley Patch Lady

    • #2484457

      Susan Bradley Patch Lady

    • #2490631

      Seems poor configuration was part of the problem.. (or is this another “incident”? This is October 4th..)

      https://www.bleepingcomputer.com/news/security/microsoft-data-breach-exposes-customers-contact-info-emails/

      https://twitter.com/KiPos_info/status/1577745070941503488

      Should anyone be able to make use of this..

       

       
