Exchange 2019 potentially vulnerable, check latest security update is applied (Exchange 2019 CU7 or CU8 installed) #6
Comments
"Potentially vulnerable" means that this script cannot determine anything (because it's just looking at the version, which is not saying anything). Also see #4
I strongly suggest people use Microsoft's nmap script instead, which does proper detection:
https://github.com/microsoft/CSS-Exchange/blob/main/Security/src/http-vuln-cve2021-26855.nse
That’s what I used.
From: Lukas Tribus ***@***.***>
Sent: Sunday, March 14, 2021 11:28 AM
To: GossiTheDog/scanning ***@***.***>
Cc: Raaymakers. James ***@***.***>; Author ***@***.***>
Subject: Re: [GossiTheDog/scanning] Exchange 2019 potentially vulnerable, check latest security update is applied (Exchange 2019 CU7 or CU8 installed) (#6)
Correction. I just now ran the Microsoft version. Here was my output.
PS C:\users\james\documents\nmapscripts> nmap -p 443 --script .\http-vuln-exchange.nse MBX01.domain.net
Starting Nmap 7.91 ( https://nmap.org ) at 2021-03-14 11:49 Pacific Daylight Time
Nmap scan report for MBX01.domain.net (192.168.1.10)
Host is up (0.0010s latency).
PORT STATE SERVICE
443/tcp open https
MAC Address: 00:0C:29:00:99:AF (VMware)
Nmap done: 1 IP address (1 host up) scanned in 0.85 seconds
PS C:\users\james\documents\nmapscripts>
I assume this means it is NOT vulnerable?
Correct.
Thank you very much. I appreciate your time.
From: Lukas Tribus ***@***.***>
Sent: Sunday, March 14, 2021 11:56 AM
To: GossiTheDog/scanning ***@***.***>
Cc: Raaymakers. James ***@***.***>; Author ***@***.***>
Subject: Re: [GossiTheDog/scanning] Exchange 2019 potentially vulnerable, check latest security update is applied (Exchange 2019 CU7 or CU8 installed) (#6)
All servers have the latest CU and the security patch installed. What does this message mean?
|_http-server-header: Microsoft-IIS/10.0
|_http-vuln-exchange: (15.2.792) Exchange 2019 potentially vulnerable, check latest security update is applied (Exchange 2019 CU7 or CU8 installed)
For all other scans I get "Error 403 for /owa" or similar.
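Why a three-part version such as the `(15.2.792)` in the output above can only yield "potentially vulnerable", shown as an added example (not code from this repository or from Microsoft's script): the observed version is matched against an inventory of full builds, and the verdict is indeterminate whenever it fits both a patched and an unpatched build. The `KNOWN_BUILDS` table and its fourth build components are constructed placeholders, and `observed_version` and `classify` are hypothetical names.

```python
import re

# Matches the script output line quoted in this issue, e.g.
# |_http-vuln-exchange: (15.2.792) Exchange 2019 potentially vulnerable, ...
FINDING = re.compile(r"http-vuln-exchange:\s*\((\d+(?:\.\d+){1,3})\)")

# CONSTRUCTED inventory: full build -> security update installed?
# The fourth components are placeholders, NOT real Exchange build numbers;
# fill this table from the builds actually read off your own servers.
KNOWN_BUILDS = {
    "15.2.792.1": False,  # constructed: CU without the security update
    "15.2.792.2": True,   # constructed: same CU with the security update
}

# Sample input assembled from the two output lines quoted in this issue.
SAMPLE = (
    "|_http-server-header: Microsoft-IIS/10.0\n"
    "|_http-vuln-exchange: (15.2.792) Exchange 2019 potentially vulnerable, "
    "check latest security update is applied (Exchange 2019 CU7 or CU8 installed)\n"
)

def observed_version(nmap_output):
    """Return the version the script printed, or None if it printed nothing."""
    match = FINDING.search(nmap_output)
    return match.group(1) if match else None

def classify(version, known_builds=KNOWN_BUILDS):
    """Say what a remotely observed (possibly truncated) version can prove."""
    if version is None:
        return "no-script-output"
    parts = version.split(".")
    # Compare component by component so "15.2.79" never matches "15.2.792.x".
    states = {patched for build, patched in known_builds.items()
              if build.split(".")[:len(parts)] == parts}
    if not states:
        return "unknown-build"
    if states == {True}:
        return "patched"
    if states == {False}:
        return "missing-update"
    # The observed prefix fits both patched and unpatched builds.
    return "indeterminate"

if __name__ == "__main__":
    print(classify(observed_version(SAMPLE)))
```

A full four-part build read on the server itself resolves to a single entry in the table, which is why the version seen over the network is not enough on its own.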