Microsoft has recommended a measure for effectively patching the following vulnerability:
Mitigation of this vulnerability requires the deletion of a certain Windows Registry entry which, in turn, enables a loopback check. This article describes the steps to alter these registry settings.
Exchange Server 2010
Exchange Server 2013
Exchange Server 2016
Exchange Server 2019
According to Microsoft, successful exploitation of the vulnerability described by CVE-2018-8581 requires the following registry key:
Removing this registry entry will render the above vulnerability unexploitable.
To delete the above key, run a command prompt window as an administrator and type the following:
reg delete HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa /v DisableLoopbackCheck /f
System restart is not required.
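The same change as a PowerShell check-remove-verify sequence, so the prior state is recorded and the removal is confirmed. This is an added example, not code from Microsoft or from the original article; the helper name Get-LoopbackCheckOverride is hypothetical, and the script assumes an elevated PowerShell session on the Exchange server.

```powershell
# Added example (not from the original article): audit, remove and verify
# the DisableLoopbackCheck value named in the reg delete command above.
# Assumption: run as a script from an elevated PowerShell session.
$LsaPath   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$ValueName = 'DisableLoopbackCheck'

# Hypothetical helper: returns the value data, or $null when the value is absent.
function Get-LoopbackCheckOverride {
    $item = Get-ItemProperty -Path $LsaPath -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$ValueName
}

$before = Get-LoopbackCheckOverride

if ($null -eq $before) {
    # Nothing to delete: the entry the article tells you to remove is not there.
    Write-Output "$ValueName is not present under $LsaPath. Nothing to remove."
}
else {
    # Log the old data first so the change can be documented or rolled back.
    Write-Output "$ValueName is present with data '$before'. Removing it."
    Remove-ItemProperty -Path $LsaPath -Name $ValueName -ErrorAction Stop

    # Re-read the registry instead of trusting the delete call.
    $after = Get-LoopbackCheckOverride
    if ($null -eq $after) {
        Write-Output "Verified: $ValueName removed. No restart is required."
    }
    else {
        Write-Error "$ValueName is still present with data '$after'."
        exit 1
    }
}
```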
Mitigation using SanerNow:
1. Download the CVE-2018-8581_fix.zip which is attached.
2. Log in to SanerNow
3. Switch to the account/site specific view
4. Use the EM tool to create an Action
5. Select 'Software Deployment' feature
6. Select 'Install' in the 'command' and select 'Install method' as 'Using Installation file'
7. Unzip and upload the file CVE-2018-8581_fix.exe
8. Provide 'Command line arguments*' as /S for silent mode installation
9. Select the Group where you want to apply this change and click 'Create Response'
Please refer to the image below for the patching details described above.
Systems need not be rebooted for this change to take effect.
On the next scheduled scan, vulnerabilities will not be reported.