
CVE-2021-26855 Detection in Filesecurity



Aloha,

Is ESET Filesecurity able to detect the CVE-2021-26855 Hafnium exploit?

We have an Exchange 2013 CU10 physical which we can't patch to CU23 to install the security patches from MS, so atm we are working with geo-IP blocking and Filesecurity to prevent a hack^^ Also, putting it behind VPN is not an option, so not an ideal environment atm...

Maybe ESET can detect that kind of attack? I think it will at least find dropped trojans... - for now nothing has happened to the server, no dropped files or logs which would show an attack..


Please take a look at this post, which has a link to an article you might be interested in.

Refer to this Microsoft article:

Quote

Interim mitigations if unable to patch Exchange Server 2013, 2016, and 2019:

  • Implement an IIS Re-Write Rule to filter malicious https requests
  • Disable Unified Messaging (UM)
  • Disable Exchange Control Panel (ECP) VDir
  • Disable Offline Address Book (OAB) VDir

These mitigations can be applied or rolled back using the ExchangeMitigations.ps1 script described below and have some known impact to Exchange Server functionality. The mitigations are effective against the attacks we have seen so far in the wild but are not guaranteed to be complete mitigations for all possible exploitation of these vulnerabilities. This will not evict an adversary who has already compromised a server. This should only be used as a temporary mitigation until Exchange servers can be fully patched, and we recommend applying all of the mitigations at once.

https://msrc-blog.microsoft.com/2021/03/05/microsoft-exchange-server-vulnerabilities-mitigations-march-2021/

Edited by itman
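
On the question earlier in the thread of whether logs would show an attack: the following is an added example, not code from the thread, ESET or Microsoft. It checks Exchange HttpProxy log rows for the indicator Microsoft published for CVE-2021-26855, an empty AuthenticatedUser together with an AnchorMailbox matching `ServerInfo~*/*`. The function names and sample rows are constructed, and the log path in the final comment assumes a default install.

```powershell
# Added example; function names and sample rows are constructed.
# Assumption: HttpProxy logs are CSV files with the columns used below.
function Find-ProxyLogonCandidate {
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$Row
    )
    process {
        # Unauthenticated request whose AnchorMailbox matches ServerInfo~*/*
        if ([string]::IsNullOrEmpty($Row.AuthenticatedUser) -and
            $Row.AnchorMailbox -like 'ServerInfo~*/*') {
            $Row
        }
    }
}

function Get-ProxyLogonSummary {
    param([psobject[]]$Hit)
    # One row per source address: hit count, time window, URLs touched
    $Hit | Group-Object ClientIpAddress | ForEach-Object {
        $times = $_.Group.DateTime | Sort-Object
        [pscustomobject]@{
            ClientIp  = $_.Name
            Hits      = $_.Count
            FirstSeen = $times | Select-Object -First 1
            LastSeen  = $times | Select-Object -Last 1
            UrlStems  = ($_.Group.UrlStem | Sort-Object -Unique) -join ';'
        }
    }
}

# Constructed sample rows (documentation IP ranges, placeholder names)
$sample = @'
DateTime,AuthenticatedUser,ClientIpAddress,UrlStem,AnchorMailbox,HttpStatus
2021-03-03T10:01:12.000Z,CONTOSO\alice,192.0.2.10,/owa/,Sid~S-1-5-21-0-0-0-1001,200
2021-03-03T10:02:40.000Z,,203.0.113.7,/ecp/placeholder.js,ServerInfo~host.example/placeholder,241
2021-03-03T10:03:05.000Z,,198.51.100.4,/owa/auth/logon.aspx,,200
2021-03-03T10:09:51.000Z,,203.0.113.7,/ecp/placeholder.js,ServerInfo~host.example/placeholder,500
'@ | ConvertFrom-Csv

$hits = @($sample | Find-ProxyLogonCandidate)
if ($hits.Count -gt 0) {
    Get-ProxyLogonSummary -Hit $hits | Format-Table -AutoSize
} else {
    'No rows match the CVE-2021-26855 HttpProxy pattern.'
}

# On the server (default install path assumed):
# Get-ChildItem -Recurse "$env:PROGRAMFILES\Microsoft\Exchange Server\V15\Logging\HttpProxy" -Filter *.log |
#   ForEach-Object { Import-Csv $_.FullName } | Find-ProxyLogonCandidate
```

With the sample rows, the summary shows one source address, 203.0.113.7, with two hits. Matching rows are leads for investigation against this one published indicator only.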
