This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(310.4, 13%, 40%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAB%3C/text%3E%3C/svg%3E)
I have an exchange 2013. Sunday 14 mar 2021 I've applied the kb5000871 that was downloaded wia windowsupdate. Today I've downloaded EOMT.ps1 to check if the server is secured by the last CVE-2021-26855. The script finish wtiting that server is patched and no mitigation need. It also tell to check web.config for the presence of section: <rewrite> <rules> <rule name="X-AnonResource-Backend Abort - inbound"> <match url=".*" /> ... that is MISSING on mine. So I've downloaded and installed the rewrite module 2.0 and run again. It always finish without appliyng any. My question is: is the section <rewrite> on web config necessary? Or it is just for exchange >2013? This because the script only chek if kb5000871 is installed, not if the web.config <rewrite> session is present. Thanks' a lot in advance
No, you dont need to install the rewrite modules - that is only used if you are unable to install the security patch to mitigate the exploit
Ok thank you
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(220.8, 50%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Hey there Andy,
I was about to start a thread for the exact same question. Do you know if there's a publication that explains how the KB5000871 mitigates this without the presence of that rewrite rule?
Thank you.