Microsoft Exchange Download Domains CVE-2021-1730

 

Information

 

Summary:

Microsoft Exchange Download Domains CVE-2021-1730

Environment:

Product: LoadMaster

Version: all

Platform: all

Application: Microsoft Exchange

Question/Problem Description:

Set up Download Domains through a Virtual Service

Cause: Microsoft advisory on CVE-2021-1730
Resolution:

Create a new FQDN for a "Download Domain", such as "download.contoso.com", and add this domain to your virtual directories in Exchange. Create a new public certificate to use for this FQDN, or add the new FQDN as a SAN entry to your existing public cert. Set up DNS to point the FQDN to a new dedicated Virtual Service on the LoadMaster (LM), and set that service up either as pass-through or as SSL offloaded/re-encrypted.

With download domains there are 2 options:

  1. To use download domains with SSL offloading, the LM Virtual Service must have the same public cert as the Exchange servers themselves, the download domain must have its own DNS entry (FQDN), and the service must have no ESP or pre-auth.
  2. The other option is to have an SSL pass-through service on port 443 for the dedicated DNS name (FQDN) and have the public cert installed on the Exchange servers directly.

In both options, ESP is not supported for the download domains directory.
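
The Exchange-side part of the steps above, as an added example that is not part of the original Kemp article: it checks that an IIS-bound certificate covers the download FQDN, sets that FQDN on the OWA virtual directories, enables Download Domains, and verifies the result. It assumes the Exchange Management Shell and the article's example name `download.contoso.com`; the Virtual Service address `203.0.113.10` is a constructed placeholder.

```powershell
# Added example. Run in the Exchange Management Shell.
$DownloadFqdn     = 'download.contoso.com'   # example FQDN from the article
$VirtualServiceIp = '203.0.113.10'           # constructed placeholder for the dedicated LM Virtual Service

# 1. A valid certificate bound to IIS must list the download FQDN (subject or SAN).
#    A wildcard certificate is not matched by this literal comparison; check it by hand.
$cert = Get-ExchangeCertificate | Where-Object {
    $_.Services -match 'IIS' -and
    $_.NotAfter -gt (Get-Date) -and
    (($_.CertificateDomains | ForEach-Object { $_.ToString() }) -contains $DownloadFqdn)
}
if (-not $cert) {
    throw "No valid IIS-bound certificate lists $DownloadFqdn. Add it as a SAN or issue a new certificate first."
}

# 2. Add the download domain to every OWA virtual directory, then enable the feature org-wide.
Get-OwaVirtualDirectory | ForEach-Object {
    Set-OwaVirtualDirectory -Identity $_.Identity `
        -ExternalDownloadHostName $DownloadFqdn `
        -InternalDownloadHostName $DownloadFqdn
}
Set-OrganizationConfig -EnableDownloadDomains $true

# 3. Verify the Exchange configuration.
Get-OwaVirtualDirectory |
    Format-Table Server, ExternalDownloadHostName, InternalDownloadHostName -AutoSize
if (-not (Get-OrganizationConfig).EnableDownloadDomains) {
    Write-Warning 'EnableDownloadDomains is still False.'
}

# 4. Verify that DNS sends the download FQDN to the dedicated Virtual Service.
$resolved = (Resolve-DnsName -Name $DownloadFqdn -Type A -ErrorAction Stop).IPAddress
if ($resolved -notcontains $VirtualServiceIp) {
    Write-Warning "$DownloadFqdn resolves to $($resolved -join ', '), not $VirtualServiceIp."
}
```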

Notes:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1730

