schuetzdentalCB, Posted March 9, 2021

Aloha, is ESET File Security able to detect the CVE-2021-26855 Hafnium exploit? We have an Exchange 2013 CU10 physical server which we can't patch to CU23 to install the security patches from MS, so atm we are working with geo-IP blocking and File Security to prevent a hack^^ Also, putting it behind a VPN is not an option, so not an ideal environment atm... Maybe ESET can detect that kind of attack? I think it will at least find dropped trojans... For now nothing has happened to the server, no dropped files or logs which would show an attack.

shocked (Most Valued Members), Posted March 9, 2021

Please take a look at this post, which has a link to an article you might be interested in.

schuetzdentalCB (Author), Posted March 9, 2021

Thanks, sadly nothing fits my setup in those new patches.

shocked (Most Valued Members), Posted March 9, 2021

Couldn't you update to the latest supported update for the patch? Are they not available? Perhaps look in the catalog site: https://www.catalog.update.microsoft.com/home.aspx

itman, Posted March 9, 2021 (edited)

Refer to this Microsoft article:

Quote:

    Interim mitigations if unable to patch Exchange Server 2013, 2016, and 2019:

    - Implement an IIS Re-Write Rule to filter malicious https requests
    - Disable Unified Messaging (UM)
    - Disable Exchange Control Panel (ECP) VDir
    - Disable Offline Address Book (OAB) VDir

    These mitigations can be applied or rolled back using the ExchangeMitigations.ps1 script described below and have some known impact to Exchange Server functionality. The mitigations are effective against the attacks we have seen so far in the wild but are not guaranteed to be complete mitigations for all possible exploitation of these vulnerabilities. This will not evict an adversary who has already compromised a server. This should only be used as a temporary mitigation until Exchange servers can be fully patched, and we recommend applying all of the mitigations at once.

https://msrc-blog.microsoft.com/2021/03/05/microsoft-exchange-server-vulnerabilities-mitigations-march-2021/