Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Pako
Participant
Jump to solution

HOWTO protect against microsoft exchange autodiscover bug using Checkpoint firewalls

Hello.

I have read this article about a new bug on microsoft exchange that would allow an attacker to leak the user accounts:

https://www.bleepingcomputer.com/news/microsoft/microsoft-exchange-autodiscover-bugs-leak-100k-windo...

 

I would like to know if there is a way to protect our network from this attack using checkpoint firewall and how to do it?

0 Kudos
1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin

We have an App Control definition for this:

image.png

View solution in original post

2 Replies
G_W_Albrecht
Legend Legend
Legend

This is clearly explained in the cited article:

For organizations using Microsoft Exchange, you should block all Autodiscover.[tld] domains at your firewall or DNS server so that your devices cannot connect to them. Guardicore has created a text file containing all Autodiscover domains that can be used to create access rules.

Organizations are also recommended to disable Basic authentication, as it essentially sends credentials in cleartext.

CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
PhoneBoy
Admin
Admin

We have an App Control definition for this:

image.png

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events