As per Microsoft recommendations, along with implementing Cookie Filtering Microsoft mitigation recommendations include disabling specific Exchange Services for access. This is made up of :
Disabling the Unified Message services in Exchange
Disabling the Exchange Control Panel (ECP) Virtual Directory
Disabling the Offline Address Book (OAB) Application Pool and API
If LoadMaster is being used to load balance Exchange, blocking access to these specific services can be easily achieved. This may be useful where a separate Virtual Services is used for external access and access is kept available locally. With the loadMaster Exchange template, Exchange services are separated into separate Sub Virtual Services depending on the Application/Virtual Directory. LoadMaster provides a simple way to disable SubVs which in effect blocks traffic for these service.
Simply Navigate to the Exchange Virtual Service and Under the SubVSs list clikc ‘disable’ for the specific services..
Disabling the ECP,OAB and EWS will prevent access to the services outlined.
An alternative option if access to these services is a requirement from specific networks is to ‘whitelist’ these services to trusted IP addresses using LoadMaster Content Rules thus blocking for all other IP addresses.
To do this
- Create a Content rule Matching specific IP Addresses see here for details.
- Apply to all Real Servers used by the specific SubVSs
Note these are just useful actions as part of a mitigation strategy. For full protection it is strongly recommended that Exchange Server security updates are applied.