Re: Exchange /OWA vulnerability actively exploited

Home Messages Hashtags

Royce Williams #470 Microsoft also added some mitigations here: https://msrc-blog.microsoft.com/2021/03/05/microsoft-exchange-server-vulnerabilities-mitigations-march-2021/ -- Royce Williams Tech Solvency toggle quoted messageShow quoted text On Fri, Mar 5, 2021 at 3:03 PM Royce Williams <royce@...> wrote: An option to buy time: you can limit OWA to just Alaskan networks (will still impact distribute workforce, but can at least lessen collateral damage): https://www.techsolvency.com/alaskan-networks/ But I would consider even that to be temporary. The threat actor is like quite busy managing all of their newly compromised hosts. Making them come from Alaskan IP space to target you next makes you only slightly less low-hanging fruit. :D -- Royce Williams Tech Solvency On Fri, Mar 5, 2021 at 2:45 PM Royce Williams via groups.io <royce.williams=gmail.com@groups.io> wrote: The news coverage for this has been vigorous, but just in case: https://krebsonsecurity.com/2021/03/at-least-30000-u-s-organizations-newly-hacked-via-holes-in-microsofts-email-software/ The general consensus is that if you still have public-facing OWA, and it was not patched (or blocked from public access) as soon as the Microsoft announcement came out, you should basically assume that it's compromised at this point. The article contains links to the CISA announcement and guidance, which have IOCs. -- Royce
More All Messages By This Member

Join nuga@groups.io to automatically receive all group messages.