Topic: Microsoft email zero day @ AskWoody

Microsoft email zero day
Home » Forums » Newsletter and Homepage topics » Microsoft email zero day
- This topic has 11 replies, 5 voices, and was last updated 11 months, 2 weeks ago.
Tags: AskWoody Alert AskWoody Plus Alerts Patch Lady Posts
Author

Topic
New Reply
Susan Bradley
Manager

September 30, 2022 at 11:05 am #2484177
Options

Reply
Quote

What is it? Microsoft is investigating targeted attacks on their on premises Email servers. Attackers have found a way into servers that are already
[See the full post at: Microsoft email zero day]

Susan Bradley Patch Lady/Prudent patcher

Reply | Quote
Viewing 4 reply threads
Author

Replies
- Mark
  Guest
  
  September 30, 2022 at 11:34 am #2484187
  Options
  
  Reply
  Quote
  
  I use Outlook.com and have noticed an increase in phishing mail lately. I don’t use Outlook.com as my primary e-mail service. The phishing e-mails are sometimes amusing. I find that they repeat the same message again and again. Most use gmail.com.
  
  Mark
  
  Reply | Quote
- b
  Manager
  
  September 30, 2022 at 2:14 pm #2484215
  Options
  
  Reply
  Quote
  
  Susan Bradley wrote:
  
  Is this disturbing that EVERY time there is a zero day in Microsoft on premises email servers, Microsoft can conveniently scramble and get their online servers patched and meanwhile those that purchase on premises software are stuck holding the bag.
  
  Would it be less disturbing if Microsoft didn’t patch their own servers immediately (while asking everyone else to do so)?
  
  Windows 11 Pro version 22H2 build 22621.2361 + Microsoft 365 + Edge
  
  Reply | Quote
- Susan Bradley
  Manager
  
  September 30, 2022 at 3:00 pm #2484231
  Options
  
  Reply
  Quote
  
  It’s disturbing that they can patch but yet can’t build a patch for external users. Because clearly they are patching themselves quite quickly.
  
  Susan Bradley Patch Lady/Prudent patcher
  
  Reply | Quote
  
  b
  Manager
  
  September 30, 2022 at 3:04 pm #2484233
  Options
  
  Reply
  Quote
  
  Or perhaps they’ve deployed the mitigations available to everyone?
  
  Windows 11 Pro version 22H2 build 22621.2361 + Microsoft 365 + Edge
  
  Reply | Quote
  
  Susan Bradley
  Manager
  
  September 30, 2022 at 4:01 pm #2484244
  Options
  
  Reply
  Quote
  
  Then they can be a bit more proactive and include these mitigations in the tool that they supposedly wrote to help protect for these zero days. Currently it doesn’t help to protect servers for this issue.
  
  Susan Bradley Patch Lady/Prudent patcher
  
  2 users thanked author for this post.
  
  fk5353, Alex5723
  
  Reply | Quote
- Simon_Weel
  AskWoody Plus
  
  October 1, 2022 at 9:20 am #2484426
  Options
  
  Reply
  Quote
  
  Susan Bradley wrote:
  
  include these mitigations in the tool that they supposedly wrote to help protect for these zero days
  
  Good news. They have as of October first. Those who have installed Exchange Server Emergency Mitigation and enabled it, the fix is applied automatically. Won’t hurt to check if it actually did, see the topic Controlling automatic mitigation in your environment
  
  As you say; it does make you wonder how MS patches it’s own Exchange servers; assuming they run Exchange for their MS 365 solutions.
  
  1 user thanked author for this post.
  
  b
  
  Reply | Quote
- b
  Manager
  
  October 1, 2022 at 10:32 am #2484446
  Options
  
  Reply
  Quote
  
  September 30, 2022 updates:
  
  Added link to Microsoft Security blog in Summary.
  
  Microsoft released the Exchange Server Emergency Mitigation Service (EMS) mitigation for this issue.
  
  Microsoft created a script for the URL Rewrite mitigation steps and modified step 6 in the Mitigations section.
  
  Mitigations
  …
  Option 1: For customers who have the Exchange Server Emergency Mitigation Service (EMS) enabled, Microsoft released the URL Rewrite mitigation for Exchange Server 2016 and Exchange Server 2019. The mitigation will be enabled automatically. Please see this blog post for more information on this service and how to check active mitigations.
  
  Option 2: Microsoft created the following script for the URL Rewrite mitigation steps. https://aka.ms/EOMTv2
  
  Option 3: Customers can follow the below instructions, which are currently being discussed publicly and are successful in breaking current attack chains.
  …
  Customer Guidance for Reported Zero-day Vulnerabilities in Microsoft Exchange Server
  
  Windows 11 Pro version 22H2 build 22621.2361 + Microsoft 365 + Edge
  
  Reply | Quote
  
  Susan Bradley
  Manager
  
  October 1, 2022 at 12:21 pm #2484458
  Options
  
  Reply
  Quote
  
  It’s forked from the premises based Exchange. Not quite the same code.
  
  Susan Bradley Patch Lady/Prudent patcher
  
  Reply | Quote
- Susan Bradley
  Manager
  
  October 1, 2022 at 12:20 pm #2484457
  Options
  
  Reply
  Quote
  
  Kevin Beaumont on Twitter: “Nope. Exchange 2010 isn’t vuln to ProxyLogon, ProxyShell or ProxyNotShell as the Exchange Online integration isn’t there, basically.” / Twitter
  
  Exchange 2010 is not vulnerable.
  
  Susan Bradley Patch Lady/Prudent patcher
  
  Reply | Quote
- oldguy
  AskWoody Lounger
  
  October 20, 2022 at 10:25 am #2490631
  Options
  
  Reply
  Quote
  
  Seems poor configuration was part of the problem.. (or is this another “incident”? This is October 4th..)
  
  https://www.bleepingcomputer.com/news/security/microsoft-data-breach-exposes-customers-contact-info-emails/
  
  https://twitter.com/KiPos_info/status/1577745070941503488
  
  Should anyone be able to make use of this..
  
  Reply | Quote
- Susan Bradley
  Manager
  
  October 20, 2022 at 11:17 am #2490648
  Options
  
  Reply
  Quote
  
  Totally different issue.
  
  Susan Bradley Patch Lady/Prudent patcher
  
  Reply | Quote
Viewing 4 reply threads

Reply To: Microsoft email zero day
You can use BBCodes to format your content.
Your account can't use all available BBCodes, they will be stripped before saving.

Your information:
Name (required):

Mail (will not be published) (required):

Website:

Cancel

Plus Membership

Donations from Plus members keep this site going. You can identify the people who support AskWoody by the Plus badge on their avatars.

AskWoody Plus members not only get access to all of the contents of this site -- including Susan Bradley's frequently updated Patch Watch listing -- they also receive weekly AskWoody Plus Newsletters (formerly Windows Secrets Newsletter) and AskWoody Plus Alerts, emails when there are important breaking developments.

Welcome to our unique respite from the madness.

It's easy to post questions about Windows 11, Windows 10, Win8.1, Win7, Surface, Office, or browse through our Forums. Post anonymously or register for greater privileges. Keep it civil, please: Decorous Lounge rules strictly enforced. Questions? Contact Customer Support.

Microsoft email zero day

2 users thanked author for this post.

1 user thanked author for this post.

Plus Membership

Search Newsletters

Search Forums

View the Forum

Search for Topics

Recent Topics

Recent blog posts

Key Links

Microsoft email zero day

2 users thanked author for this post.

1 user thanked author for this post.

Plus Membership

Search Newsletters

Search Forums

View the Forum

Search for Topics

Recent Topics

Recent blog posts

Login and Registration

Key Links