The issue has been solved by adding a Site Binding in IIS. Like I mentioned we already had a certificate for this. Attached images in an e-mail not load correcty in OWA and can be downloaded.
Add download domain to IIS regarding Microsoft Exchange Server Spoofing Vulnerability CVE-2021-1730
After applying the update additional steps needed to be done for showing attached pictures in an e-mail using OWA. I performed all the steps mentioned under:
Are there other required steps to enable the protection from this vulnerability?
I guess I forgot something because now there's an error when I try to download/view the attached picture. The browser shows the download.domainname.nl url but with the error:
Not Found
HTTP Error 404. The requested resource is not found.
We already hava a certificate for this url so that's not the issue. I guess I have to add the download.domainname.nl url to IIS but I don't know how this works.
2 answers
Sort by: Most helpful
-
-
Joyce Shen - MSFT 16,651 Reputation points
2022-09-01T08:24:50.043+00:00 Thanks for sharing your solution to this problem and glad to know that your issue is resolved now! Since our forum has the policy that The question author cannot accept their own answer. They can only accept answers by others, and according to the scenario introduced here: Answering your own questions on Microsoft Q&A
I would make a brief summary of this post so that other forum members could easily find useful information here:
[Add download domain to IIS regarding Microsoft Exchange Server Spoofing Vulnerability CVE-2021-1730 - Summary]
Issue Symptom:
When try to download/view the attached picture. The browser shows the download.domainname.nl url but with the error:
Not Found
HTTP Error 404. The requested resource is not found.Solution:
The issue has been solved by adding a Site Binding in IIS.Reference Links:
Binding <binding>
Configure Download Domains to address CVE-2021-1730 vulnerabilityYou could "Accept Answer" for this summary to close this thread, and your action would be helpful to other users who encounter the same issue and read this thread. Thanks for your understanding!
If an Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.