Microsoft Exchange Client Access Server Information Disclosure

Kavindu Dayananda 76 Reputation points
2022-09-05T08:35:52.103+00:00

We recently received this from our security team. Does anyone know a fix for this?

Vulnerabilities
77026 - Microsoft Exchange Client Access Server Information Disclosure
Synopsis
The remote mail server is affected by an information disclosure vulnerability.
Description
The Microsoft Exchange Client Access Server (CAS) is affected by an information disclosure vulnerability. A remote, unauthenticated attacker can exploit this vulnerability to learn the server's internal IP address.
An attacker can send a crafted GET request to the web server with an empty Host header that would expose internal IP addresses of the underlying system in the response headers.

Exchange | Exchange Server | Management

3 answers

  1. Rafael da Rocha 5,251 Reputation points
    2022-09-05T08:45:44.77+00:00

    Applying latest patches should resolve the issue.
    Here's a blog post on how to mitigate manually:
    Microsoft Exchange Client Access Server Information Disclosure

    ----------

    If any reply helped solve your question, please remember to upvote and/or "Accept Answer".
    It helps others facing similar issues find the solution.


  2. Jame Xu-MSFT 4,191 Reputation points
    2022-09-06T02:39:05.483+00:00

    Hi @Kavindu Dayananda ,
    What is the current CU version of your Exchange server? And have you installed the corresponding latest security updates on it? If you haven't yet, please consider installing them as soon as possible to protect your Exchange server from attack.
    If you are using a legacy CU, please first upgrade to the latest CU and then install the security updates.
    You may check the latest CU versions in this link:
    https://learn.microsoft.com/en-us/exchange/new-features/build-numbers-and-release-dates?view=exchserver-2019#exchange-server-2019

    Vulnerability related references:
    https://help.defense.com/en/articles/6236022-microsoft-exchange-client-access-server-information-disclosure-vulnerability
    Microsoft provides third-party contact information to help you find additional information about this topic. This contact information may change without notice. Microsoft does not guarantee the accuracy of third-party contact information.


    If an Answer is helpful, please click "Accept Answer" and upvote it.

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


  3. Sahil Verma 1 Reputation point
    2023-03-17T18:41:21.5933333+00:00

    Fix for: Microsoft Exchange Client Access Server Information Disclosure (applied on Exchange 2019 / Windows Server 2019)

    Step 1: Find the name of the send connector in use and substitute it for the quoted name in steps 2 to 4.

    Step 2 (list who holds the routing-headers right on the connector; the wildcard is needed because the right is named ms-Exch-Send-Headers-Routing): Get-SendConnector "Outbound to Office365" | Get-ADPermission | Where-Object { $_.ExtendedRights -like "*routing*" } | Format-Table User,AccessRights,ExtendedRights

    Step 3 (remove that right from anonymous senders): Get-SendConnector "Outbound to Office365" | Remove-ADPermission -AccessRights ExtendedRight -ExtendedRights ms-Exch-Send-Headers-Routing -User "NT AUTHORITY\ANONYMOUS LOGON"

    Step 4 (re-check the permission): Get-SendConnector "Outbound to Office365" | Get-ADPermission | Where-Object { $_.ExtendedRights -like "*routing*" } | Format-Table User,AccessRights,ExtendedRights

    Results were positive. Only the exit IP (the public IP) was visible in the next email, not the server's original IP.

    Cam-0164
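Added example, not part of the thread above: the same audit and removal applied to every send connector at once, with a dry-run option, so an administrator can see all anonymous grants of ms-Exch-Send-Headers-Routing before touching any of them. The function names are my own; the cmdlets are the Exchange Management Shell ones used in the answer above.

```powershell
# Added example (not from the thread). Run in the Exchange Management Shell.
# Lists every send connector that grants the ms-Exch-Send-Headers-Routing
# extended right to NT AUTHORITY\ANONYMOUS LOGON. Function names are assumed.
function Get-AnonymousRoutingHeaderGrant {
    foreach ($connector in Get-SendConnector) {
        Get-ADPermission -Identity $connector.Identity |
            Where-Object {
                ($_.User -like '*ANONYMOUS LOGON') -and
                ($_.ExtendedRights | Where-Object { $_ -like '*Send-Headers-Routing*' })
            } |
            Select-Object @{ Name = 'Connector'; Expression = { $connector.Name } },
                          User, AccessRights, ExtendedRights
    }
}

# Removes the grant found above from each affected connector.
# Supports -WhatIf / -Confirm through SupportsShouldProcess, so run it with
# -WhatIf first to see which connectors would change.
function Remove-AnonymousRoutingHeaderGrant {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()

    foreach ($grant in Get-AnonymousRoutingHeaderGrant) {
        $action = 'Remove ms-Exch-Send-Headers-Routing from ANONYMOUS LOGON'
        if ($PSCmdlet.ShouldProcess($grant.Connector, $action)) {
            Get-SendConnector -Identity $grant.Connector |
                Remove-ADPermission -AccessRights ExtendedRight `
                    -ExtendedRights 'ms-Exch-Send-Headers-Routing' `
                    -User 'NT AUTHORITY\ANONYMOUS LOGON' -Confirm:$false
        }
    }
}

# Audit first; the removal line is commented out deliberately.
Get-AnonymousRoutingHeaderGrant | Format-Table -AutoSize
# Remove-AnonymousRoutingHeaderGrant -WhatIf
```

Re-run the audit after removal; an empty result means no connector still lets anonymous submissions keep their routing headers. This is separate from installing the CU and security updates recommended in the earlier answers.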

