Microsoft has recommended a measure for effectively patching the following vulnerability:
Mitigation of this vulnerability requires the deletion of a certain Windows Registry entry which, in turn, enables a loopback check. This article describes the steps to alter these registry settings.
Exchange Server 2010
Exchange Server 2013
Exchange Server 2016
Exchange Server 2019
According to Microsoft, a succesful exploitation of the vulnerability which is described by CVE-2018-8581 requires DisableLoopbackCheck registry value under the following registry key:
Removing this registry value will render the above vulnerability unexploitable.
To delete the above registry value, run a command prompt window as an administrator and type the following:
reg delete HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa /v DisableLoopbackCheck /f
System restart is not required.
Mitigation using SanerNow,
1. Download the CVE-2018-8581_fix.zip which is attached.
2. Login to SanerNow
3. Switch to the account/site specific view
4. Use the EM tool to create an Action
5. Select 'Software Deployment' feature
6. Click on Upload, which is on the upper right corner.
7. Click on the 'Open the file Browser', upload 'CVE-2018-8581_fix.zip' file and Click on Close.
8. Once uploaded package is visible, Click on 'exclamation mark' as shown in the below diagram.
9. Click on edit in the newly opened window and set the silent option as /S click on 'Update Details' as sown in the below diagram.
10. Select uploaded package and click on install, which is in the upper right corner.
11. Select 'Group' for which we need to apply the workaround and click 'next'
12. Enter the required details and click on 'Create Installation task' as shown in the below diagram.
Systems need not be rebooted for this change to take effect.
On the next scheduled scan, vulnerabilities will not be reported.