question

alessandrobelli-3238 avatar image
1 Vote"
alessandrobelli-3238 asked ·

exchange 2013 EOMT.ps1 iis mitigation non applied

I have an exchange 2013. Sunday 14 mar 2021 I've applied the kb5000871 that was downloaded wia windowsupdate. Today I've downloaded EOMT.ps1 to check if the server is secured by the last CVE-2021-26855. The script finish wtiting that server is patched and no mitigation need. It also tell to check web.config for the presence of section: <rewrite> <rules> <rule name="X-AnonResource-Backend Abort - inbound"> <match url=".*" /> ... that is MISSING on mine. So I've downloaded and installed the rewrite module 2.0 and run again. It always finish without appliyng any. My question is: is the section <rewrite> on web config necessary? Or it is just for exchange >2013? This because the script only chek if kb5000871 is installed, not if the web.config <rewrite> session is present. Thanks' a lot in advance

office-exchange-server-administration
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

AndyDavid avatar image
1 Vote"
AndyDavid answered ·

No, you dont need to install the rewrite modules - that is only used if you are unable to install the security patch to mitigate the exploit

· 2 ·
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hey there Andy,

I was about to start a thread for the exact same question. Do you know if there's a publication that explains how the KB5000871 mitigates this without the presence of that rewrite rule?

Thank you.

0 Votes 0 ·