Microsoft Exchange Download Domains CVE 2021-1730

Updated: November 03, 2022 15:33

Information

Summary:	Microsoft Exchange Download Domains CVE 2021-1730
Environment:	Product: Load Master Version: all Platform: all Application: Microsoft Exchange
Question/Problem Description:	Setup download domains through Virtual service
Steps to Reproduce:
Error Message:
Defect Number:
Enhancement Number:
Cause:	Microsoft advisory on CVE-2021-1730
Resolution:	Create a new FQDN for a "Download Domain" such as "download.contoso.com" and add this domain to your virtual directories in exchange. Create a new public certificate to use for this FQDN or add the new FQDN as a SAN entry to your existing public cert. Setup the DNS to point to a new dedicated Virtual Service on the LM and set it up either as pass-through or SSL offloaded/re-encrypted With download domains there are 2 options. To use download domains with SSL offloading you must have the same public cert on the LM Virtual Service as is on the Exchange servers themselves and it must have its own DNS entry (FQDN) and also have no ESP or pre-auth on the service. The other option is to have a SSL pass through service on port 443 for the dedicated DNS name (FQDN) and have the public cert installed on the exchange servers directly. on both options ESP is not supported for the download domains directory.
Workaround:
Notes:	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1730

Kemp Support, how can we help?