01-10-2019 01:19 AM
Hi, everybody.
Just yesterday Microsoft announced patches for a series of security vulnerabilities. One of these vulnerabilities is related to Exchange: CVE-2019-0586 – Microsoft Exchange Memory Corruption Vulnerability.
This patch corrects a bug in Exchange that could allow an attacker to take control of an Exchange server just by sending it a specially crafted email.
Question is, are Ironport appliances able to detect and stop such special emails? Will they flag them as malicious?
I have tried searching blogs and forums for an answer, but have not yet found an answer. I have managed to find that Talos has released new SNORT rules which will respond and protect against the mentioned vulnerabilities, but to my knowledge, Ironport does not use SNORT.
I hope someone has a good answer to the question. If Ironport appliances are able to detect and stop the mentioned malicious emails, this will buy time in regards to planning and patching Exchange servers.
Regards,
Aleironport
01-23-2019 02:29 AM
The URL filtering feature on the ESA pulls updates from Talos as well; however, SNORT rules are not directly integrated with ESAs.
From the description available this appears to be related to specially crafted URLs; however, without a sample it would be difficult to confirm what Talos would classify that as.
You could open a TAC case to have this confirmed by Talos.
Regards,
Libin