Pako
Explorer

HOWTO protect against Microsoft Exchange Autodiscover bug using Check Point firewalls

Hello.

I have read this article about a new bug in Microsoft Exchange that would allow an attacker to leak the user accounts:

https://www.bleepingcomputer.com/news/microsoft/microsoft-exchange-autodiscover-bugs-leak-100k-windo...

 

I would like to know if there is a way to protect our network from this attack using a Check Point firewall, and how to do it.


Accepted Solutions
PhoneBoy
Admin

We have an App Control definition for this:

image.png

2 Replies
G_W_Albrecht
Legend

This is clearly explained in the cited article:

For organizations using Microsoft Exchange, you should block all Autodiscover.[tld] domains at your firewall or DNS server so that your devices cannot connect to them. Guardicore has created a text file containing all Autodiscover domains that can be used to create access rules.

Organizations are also recommended to disable Basic authentication, as it essentially sends credentials in cleartext.

CCSE CCTE SMB Specialist
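
To check that an Autodiscover.[tld] block of the kind recommended above is holding, DNS query logs can be scanned for lookups that should never leave the network. This is an added example, not code from the thread, the cited article, Guardicore or Check Point; the log layout (timestamp, client, query name, type) and the short suffix set are assumptions made for illustration.

```python
# Added example: flag DNS lookups for autodiscover.<public suffix> hosts.
# SUFFIXES is a small constructed sample; a real deployment would use the
# full Public Suffix List or the domain list referenced in the article.
SUFFIXES = {"com", "net", "org", "uk", "co.uk", "es", "fr", "com.br", "com.cn"}

# Constructed sample log lines: "<timestamp> <client> <qname> <qtype>".
SAMPLE_LOG = [
    "2021-09-23T10:00:01Z 10.0.0.15 autodiscover.example.com. A",
    "2021-09-23T10:00:02Z 10.0.0.15 Autodiscover.com. A",
    "2021-09-23T10:00:03Z 10.0.0.22 autodiscover.com.br A",
    "2021-09-23T10:00:04Z 10.0.0.22 www.example.org A",
    "malformed",
]


def is_autodiscover_tld(hostname):
    """True only when hostname is exactly autodiscover.<public suffix>.

    autodiscover.example.com (an organisation's own endpoint) is not matched,
    because "example.com" is a registered domain rather than a suffix.
    """
    name = hostname.strip().rstrip(".").lower()  # drop root dot, fold case
    label, _, rest = name.partition(".")
    return label == "autodiscover" and rest in SUFFIXES


def flag_queries(log_lines):
    """Return (client, qname) for every query the block should have stopped."""
    hits = []
    for line in log_lines:
        fields = line.split()
        if len(fields) < 3:  # skip lines that do not match the assumed layout
            continue
        client, qname = fields[1], fields[2]
        if is_autodiscover_tld(qname):
            hits.append((client, qname.rstrip(".").lower()))
    return hits


if __name__ == "__main__":
    for client, qname in flag_queries(SAMPLE_LOG):
        print(f"{client} queried {qname}")
```

Any hit names a client that is still falling back to a TLD-level Autodiscover host and whose lookup reached the resolver.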