I have published multiple articles for ZeroDay, which was announced for Exchange Server this week. You can access those articles from the links below.
Exchange Server RCE Zero Day Updates – Cengiz YILMAZ
New Zero Day in Exchange Server – Cengiz YILMAZ
Exchange Server On-premises Mitigation Tool v2 – Cengiz YILMAZ
Microsoft's If you have implemented the workaround suggested by the Remote PowerShellYou can also close it.
Exchange Serveras in other Microsoft in general in its products RCE vulnerability is found from time to time. In your environment Exchange Server a Remote PowerShelYou can close the risk of such attacks by blocking l.
For this process we Windows Firewall We will use it. If in your environment Exchange Server 2019 if you are using Client Access Rules you can use.
Windows Firewall HTTP(5985) HTTPS(5986) We will close the ports.
Playing Windows Firewall – Inbound Rules We follow your steps.
In the Actions Menu on the left, we click on the New Rule button.
On the screen that opens, we need to select an action for the rule we created. Since we will be performing an operation on the Port, we continue by marking the Port section.
In the Does this rule apply to TCP or UDP section, we mark TCP.
In the Does this rule apply to all local ports or specific local ports step; We mark Specific local ports and enter ports 5985,5986.
Since we want the relevant requests to be blocked, we mark the Block the connection step.
We apply the relevant rule for Domain, Private and Public.
We create a name for the rule we created.
The rule we have created Inbound Rules It appears in the section. If you wish, Invoke-WebRequest You can verify the transaction you have made with the set.