Mitigating CVE-2018-8581 using SanerNow

    Follow

    Overview:

    Microsoft has recommended a measure for effectively patching the following vulnerability:

    CVE-2018-8581

    Mitigation of this vulnerability requires the deletion of a certain Windows Registry entry which, in turn, enables a loopback check. This article describes the steps to alter these registry settings.

    Affected Products:

    Exchange Server 2010

    Exchange Server 2013

    Exchange Server 2016

    Exchange Server 2019

    Solution : 

    According to Microsoft, a succesful exploitation of the vulnerability which is described by CVE-2018-8581 requires the following registry key:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa

    Removing this registry entry will render the above vulnerability unexploitable.

    To delete the above key, run a command prompt window as an administrator and type the following: 

    reg delete HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa /v DisableLoopbackCheck /f

    System restart is not required.

     

    Mitigation using SanerNow,

    1. Download the CVE-2018-8581_fix.zip which is attached.

    2. Login to SanerNow

    3. Switch to the account/site specific view

    4. Use the EM tool to create an Action

    5. Select 'Software Deployment' feature

    6. Select 'Install' in the 'command' and select 'Install method' as 'Using Installation file'

    7. Unzip and upload the file CVE-2018-8581_fix.exe

    8. Provide 'Command line arguments*' as /S for silent mode installation

    9. Select the Group where you want to apply this change and click 'Create Response'

    Please refer below image for understanding above patching details.

    Systems need not be rebooted for this change to take effect.

    On the next scheduled scan, vulnerabilities will not be reported.

     References:

    https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8581

     

    Was this article helpful?
    0 out of 0 found this helpful

    Comments