How can we help?

The latest application delivery knowledge and expertise at your fingertips.

Disabling Exchange Services via LoadMaster

As per Microsoft recommendations, along with implementing Cookie Filtering Microsoft mitigation recommendations include disabling specific Exchange Services for access. This is made up of :

CVE-2021-26857

Disabling the Unified Message services in Exchange

 

CVE-2021-27065 & CVE-2021-26858

Disabling the Exchange Control Panel (ECP) Virtual Directory

 

CVE-2021-27065 & CVE-2021-26858

Disabling the Offline Address Book (OAB) Application Pool and API

 

 

If LoadMaster is being used to load balance Exchange, blocking access to these specific services can be easily achieved. This may be useful where a separate Virtual Services is used for external access and access is kept available locally. With the loadMaster Exchange template, Exchange services are separated into separate Sub Virtual Services depending on the Application/Virtual Directory. LoadMaster provides a simple way to disable SubVs which in effect blocks traffic for this service.

 

Simply Navigate to the Exchange Virtual Service and Under the SubVSs list click ‘disable’ for the specific services..

 

Disabling the ECP, OAB, and EWS will prevent access to the services outlined.

mceclip0.png

An alternative option if access to these services is a requirement from specific networks is to ‘whitelist’ these services to trusted IP addresses using LoadMaster Content Rules thus blocking for all other IP addresses.

 

To do this

  1. Create a Content rule Matching specific IP Addresses see here for details.
  2. Apply to all Real Servers used by the specific SubVSs

 

Note these are just useful actions as part of a mitigation strategy. For full protection, it is strongly recommended that Exchange Server security updates are applied.

 


Comments