exchange 2013 EOMT.ps1 iis mitigation non applied

alessandro belli 131 Reputation points

I have an exchange 2013. Sunday 14 mar 2021 I've applied the kb5000871 that was downloaded wia windowsupdate. Today I've downloaded EOMT.ps1 to check if the server is secured by the last CVE-2021-26855. The script finish wtiting that server is patched and no mitigation need. It also tell to check web.config for the presence of section: <rewrite> <rules> <rule name="X-AnonResource-Backend Abort - inbound"> <match url=".*" /> ... that is MISSING on mine. So I've downloaded and installed the rewrite module 2.0 and run again. It always finish without appliyng any. My question is: is the section <rewrite> on web config necessary? Or it is just for exchange >2013? This because the script only chek if kb5000871 is installed, not if the web.config <rewrite> session is present. Thanks' a lot in advance

Exchange Server Management
Exchange Server Management
Exchange Server: A family of Microsoft client/server messaging and collaboration software.Management: The act or process of organizing, handling, directing or controlling something.
7,492 questions
0 comments No comments
{count} vote

Accepted answer
  1. Andy David - MVP 145.1K Reputation points MVP

    No, you dont need to install the rewrite modules - that is only used if you are unable to install the security patch to mitigate the exploit

    1 person found this answer helpful.

0 additional answers

Sort by: Most helpful