Microsoft Exchange Server Spoofing Vulnerability CVE-2021-1730

pazzoide76 301 Reputation points
2022-03-29T12:27:05.063+00:00

Hello,
I have a question about Microsoft Exchange Server Spoofing Vulnerability CVE-2021-1730.
I would like to implement the fix and I wanted to know if the procedure listed below is right.
This is the procedure:
I have gone onto our Website hosting and added a CNAME record to point download.mycompany.it onto mailserver.mycompany.it (Our Exchange Server).
Because we use split DNS, on the server also add a CNAME to point download.mycompany.it to the Exchange Server.
Update our SAN certificate so it has download.mycompany.it on it and re-issue the Certificate in ECP.
Run these commands in management console;
Get-OwaVirtualDirectory | Set-OwaVirtualDirectory -ExternalDownloadHostName download.mycompany.it -InternalDownloadHostName download.mycompany.it
And then;
Set-OrganizationConfig -EnableDownloadDomains $true
Restart the Servers

Is the procedure correct?

Thank you

Greetings

Exchange Server Management

Accepted answer
  1. Andy David - MVP 150.3K Reputation points MVP
    2022-03-29T12:32:04.147+00:00

    Yes. See:
    https://www.reddit.com/r/exchangeserver/comments/onhchg/download_domains_cve20211730_and_microsoft/

    Note, no need to restart the servers, see the thread linked above!

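A read-only check of the settings from the procedure above, as an added example that is not part of the original question or answer. It assumes it is run in the Exchange Management Shell; `download.mycompany.it` is the host name from the question, and the variable names are illustrative.

```powershell
# Added verification sketch: reads configuration only, changes nothing.
# $DownloadHost is the example name from the question; adjust to your environment.
$DownloadHost = 'download.mycompany.it'
$problems = @()

# 1. The organization-wide switch must be on.
if (-not (Get-OrganizationConfig).EnableDownloadDomains) {
    $problems += 'EnableDownloadDomains is not $true in the organization config'
}

# 2. Every OWA virtual directory needs both download host names. A download host
#    equal to the OWA host would give attachments no separate origin.
foreach ($vdir in Get-OwaVirtualDirectory) {
    $owaHosts = @($vdir.InternalUrl, $vdir.ExternalUrl) |
        Where-Object { $_ } | ForEach-Object { ([uri]"$_").Host }
    foreach ($prop in 'InternalDownloadHostName', 'ExternalDownloadHostName') {
        $value = "$($vdir.$prop)"
        if ([string]::IsNullOrEmpty($value)) {
            $problems += "$($vdir.Identity): $prop is not set"
        } elseif ($owaHosts -contains $value) {
            $problems += "$($vdir.Identity): $prop equals the OWA host name"
        }
    }
}

# 3. The CNAME must resolve from where clients sit (repeat this check from an
#    internal and an external machine when split DNS is in use).
if (-not (Resolve-DnsName -Name $DownloadHost -ErrorAction SilentlyContinue)) {
    $problems += "$DownloadHost does not resolve from this machine"
}

# 4. An unexpired certificate assigned to IIS must list the download host.
#    The -like test also accepts a wildcard entry such as *.mycompany.it.
$iisCerts = Get-ExchangeCertificate |
    Where-Object { "$($_.Services)" -match 'IIS' -and $_.NotAfter -gt (Get-Date) }
$covered = $iisCerts | Where-Object {
    $_.CertificateDomains | Where-Object { $DownloadHost -like "$_" }
}
if (-not $covered) {
    $problems += "No valid IIS certificate lists $DownloadHost in its domains"
}

if ($problems) {
    $problems | ForEach-Object { Write-Warning $_ }
} else {
    'Download domain configuration looks consistent.'
}
```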
