This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(153.6, 35%, 24%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EWI%3C/text%3E%3C/svg%3E)
After applying the update additional steps needed to be done for showing attached pictures in an e-mail using OWA. I performed all the steps mentioned under:
Are there other required steps to enable the protection from this vulnerability?
I guess I forgot something because now there's an error when I try to download/view the attached picture. The browser shows the download.domainname.nl url but with the error:
Not Found
HTTP Error 404. The requested resource is not found.
We already hava a certificate for this url so that's not the issue. I guess I have to add the download.domainname.nl url to IIS but I don't know how this works.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(25.6, 67%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJS%3C/text%3E%3C/svg%3E)
Could you please check again if you have performed all steps correctly by comparing with the link below:
Configure Download Domains to address CVE-2021-1730 vulnerability
Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.
And don't forget to restart IIS or recycle the OWA application pool after your enable the download domain.
In addition, if the steps above don't work, please provide the complete image download domain url in inspector(note to clear your personal information)
The issue has been solved by adding a Site Binding in IIS. Like I mentioned we already had a certificate for this. Attached images in an e-mail not load correcty in OWA and can be downloaded.
Thanks for sharing your solution to this problem and glad to know that your issue is resolved now! Since our forum has the policy that The question author cannot accept their own answer. They can only accept answers by others, and according to the scenario introduced here: Answering your own questions on Microsoft Q&A
I would make a brief summary of this post so that other forum members could easily find useful information here:
[Add download domain to IIS regarding Microsoft Exchange Server Spoofing Vulnerability CVE-2021-1730 - Summary]
Issue Symptom:
When try to download/view the attached picture. The browser shows the download.domainname.nl url but with the error:
Not Found
HTTP Error 404. The requested resource is not found.
Solution:
The issue has been solved by adding a Site Binding in IIS.
Reference Links:
Binding <binding>
Configure Download Domains to address CVE-2021-1730 vulnerability
You could "Accept Answer" for this summary to close this thread, and your action would be helpful to other users who encounter the same issue and read this thread. Thanks for your understanding!
If an Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.