Skip to main content
gstephan
gstephan
New Member
March 9, 2021
Question

Protection against Exchange ProxyLogon exploit.

  • March 9, 2021
  • 1 reply
  • 2832 views

Hi all!

 

Is there any guidance from FortiNet or from the community how to protect agains the most recent MS Exchange attacks?

 

Thanks,

Stephan

    1 reply

    Jeff_Roback
    Jeff_Roback
    New Member
    March 10, 2021

    This website discusses Fortinet's response to the exploits: 

     

    https://www.fortinet.com/blog/threat-research/fortinet-addresses-latest-microsoft-exchange-server-exploits

     

    Based on this website it sounds like the following IPS signatures are what you're looking for:

     

    FortiGuard IPS

    The following IPS signatures were released on March 3-4, 2021 to detect and stop exploits targeting the four vulnerabilities identified in this exploit. All Fortinet customers with an active subscription and current update are already protected.

    MS.Exchange.Server.ProxyRequestHandler.Remote.Code.Execution MS.Exchange.Server.UM.Core.Remote.Code.Execution MS.Exchange.Server.CVE-2021-27065.Remote.Code.Execution   MS.Exchange.Server.CVE-2021-26858.Remote.Code.Execution

     

    Terms & ConditionsAccessibility statement