Mitigating CVE-2018-8581 using SanerNow

    Overview:

    Microsoft has recommended a mitigation for the following vulnerability:

    CVE-2018-8581

    Mitigating this vulnerability requires deleting a Windows Registry value, which in turn enables the loopback check. This article describes the steps to change this registry setting.

    Affected Products:

    Exchange Server 2010

    Exchange Server 2013

    Exchange Server 2016

    Exchange Server 2019

    Solution:

    According to Microsoft, successful exploitation of the vulnerability described by CVE-2018-8581 requires the DisableLoopbackCheck registry value to be present under the following registry key:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa

    Removing this registry value will render the above vulnerability unexploitable.

    To delete the above registry value, run a command prompt window as an administrator and type the following:

    reg delete HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa /v DisableLoopbackCheck /f

    System restart is not required.
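
    To confirm the change on a server, the following PowerShell script checks for the value, removes it if present, and verifies the result. It is an added example, not part of the attached package or of Microsoft's advisory; the function name and status strings are hypothetical, and it assumes an elevated PowerShell session.

```powershell
# Added example: audit, remove and verify DisableLoopbackCheck (CVE-2018-8581 mitigation).
# Function name and status strings are hypothetical; run from an elevated session.

$LsaKey    = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$ValueName = 'DisableLoopbackCheck'

# Deleting a value under HKLM requires administrative rights.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    Write-Error 'Run this script from an elevated PowerShell session.'
    exit 2
}

function Get-LoopbackCheckValue {
    # Returns the value's data, or $null when the value does not exist.
    $prop = Get-ItemProperty -Path $LsaKey -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $prop) { return $null }
    return $prop.$ValueName
}

$before = Get-LoopbackCheckValue

if ($null -ne $before) {
    # Same effect as: reg delete HKEY_LOCAL_MACHINE\...\Lsa /v DisableLoopbackCheck /f
    Remove-ItemProperty -Path $LsaKey -Name $ValueName -Force -ErrorAction Stop
}

$after = Get-LoopbackCheckValue

# Report one status line per host so the output can be collected centrally.
if ($null -ne $after) {
    $status = 'FAILED: value still present'
} elseif ($null -ne $before) {
    $status = "REMOVED: value was present (data = $before)"
} else {
    $status = 'ALREADY_ABSENT: no change made'
}

Write-Output ("{0}: {1} {2}" -f $env:COMPUTERNAME, $ValueName, $status)

# A non-zero exit code lets a deployment tool flag hosts where removal failed.
if ($null -ne $after) { exit 1 } else { exit 0 }
```

    Running the script a second time should report ALREADY_ABSENT, which confirms the value has not been re-created.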

     

    Mitigation using SanerNow:

    1. Download the CVE-2018-8581_fix.zip which is attached.

    2. Log in to SanerNow

    3. Switch to the account/site specific view

    4. Use the EM tool to create an Action

    5. Select the 'Software Deployment' feature

    6. Click on Upload, which is in the upper right corner.

    7. Click on 'Open the file Browser', upload the 'CVE-2018-8581_fix.zip' file and click on Close.

    8. Once the uploaded package is visible, click on the 'exclamation mark' as shown in the below diagram.

    9. Click on edit in the newly opened window and set the silent option as /click on 'Update Details' as shown in the below diagram.

    10. Select the uploaded package and click on install, which is in the upper right corner.

    11. Select the 'Group' to which the workaround needs to be applied and click 'next'

    12. Enter the required details and click on 'Create Installation task' as shown in the below diagram.

    Systems need not be rebooted for this change to take effect.

    On the next scheduled scan, vulnerabilities will not be reported.

    References:

    https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8581

     
