In this tutorial we are going to check whether an Exchange Server is vulnerable to the DROWN attack. The same procedure can be used on any server that runs IIS, which means SharePoint, Lync/Skype for Business, etc.
The best way to identify whether your servers have the vulnerability is to use the following site: https://test.drownattack.com (Thanks Damian!). Type in the address of your Exchange server that is published to the outside world and you will receive information on whether that address is vulnerable or not.
If you have to disable SSL v2, the process is extremely simple on Exchange Server; however, it requires a restart of the server. Here are the required steps:
- Open regedit
- Expand HKEY_LOCAL_MACHINE
- Expand System
- Expand CurrentControlSet
- Expand Control
- Expand SecurityProviders
- Expand SCHANNEL
- Expand Protocols
- Expand SSL 2.0
- Expand Server (if there is no such entry, please create one)
- Create a DWORD (32-bit) value called Enabled and set it to 0
- Restart the computer
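The same registry change can be scripted for servers where clicking through regedit is impractical. The following PowerShell is an added example, not part of the original tutorial; the function names `Get-Ssl2ServerEnabled` and `Disable-Ssl2Server` are hypothetical, and it assumes an elevated PowerShell session on the server itself.

```powershell
# Added example: scripted equivalent of the regedit steps above.
# Function names are hypothetical; run from an elevated PowerShell session.
$serverKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server'

function Get-Ssl2ServerEnabled {
    # Returns the current Enabled value, or $null when the key or value is absent.
    $item = Get-ItemProperty -Path $serverKey -Name 'Enabled' -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.Enabled
}

function Disable-Ssl2Server {
    $before = Get-Ssl2ServerEnabled
    if ($null -ne $before -and $before -eq 0) {
        Write-Output 'SSL 2.0\Server\Enabled is already 0; no change made.'
        return
    }

    # Create the "SSL 2.0\Server" key only if it is missing, so that any
    # values already stored under an existing key are left untouched.
    if (-not (Test-Path -Path $serverKey)) {
        New-Item -Path $serverKey -Force | Out-Null
    }

    # Create (or overwrite) the DWORD value Enabled = 0.
    New-ItemProperty -Path $serverKey -Name 'Enabled' -PropertyType DWord -Value 0 -Force | Out-Null

    # Read the value back so a failed write is not silently ignored.
    $after = Get-Ssl2ServerEnabled
    if ($null -eq $after -or $after -ne 0) {
        throw "Enabled was not set to 0 under $serverKey"
    }

    $shown = if ($null -eq $before) { 'not set' } else { $before }
    Write-Output "Enabled changed from '$shown' to 0. Restart the server for the change to take effect."
}

Disable-Ssl2Server
```

The script does not reboot the server; schedule the restart yourself, as in the last step above.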
After that, we can go back to the initial page and check the vulnerability again; this time the results should show it as fixed.