Disable OWA on exchange 2016

Dani Kaplan 41 Reputation points
2021-09-13T13:38:54.487+00:00

I was told my server was probably hacked via OWA vulnerability (server is patched by windows update but not with exchange upgrade versions.
Can I rename or remove the owa directory under IIS to block OWA
I want to keep active sync working.

Exchange Server Management
Exchange Server Management
Exchange Server: A family of Microsoft client/server messaging and collaboration software.Management: The act or process of organizing, handling, directing or controlling something.
6,509 questions
0 comments No comments
{count} votes

Accepted answer
  1. Andy David - MVP 121K Reputation points MVP
    2021-09-13T16:29:53.117+00:00

    You can disable the OWA app pool in IIS.

    However, if the server is compromised that is not sufficient. You need to mitigate, apply the latest CUs and SUs and/or rebuild ASAP!

    0 comments No comments

2 additional answers

Sort by: Most helpful
  1. Dani Kaplan 41 Reputation points
    2021-09-13T18:08:28.317+00:00

    I've disabled MExcahageOWAAppPool and OWACalendarAppPool

    I am thinking about rebuild, but it's complicated as exchange server is also the single DC. (Small office)

    0 comments No comments

  2. Andy David - MVP 121K Reputation points MVP
    2021-09-13T18:12:00.357+00:00

    Ok, then I would consider building a new DC and Exchange Server and move mailboxes.
    Seriously.

    0 comments No comments