DROWN attack and Exchange Server

In this tutorial we are going to check whether an Exchange Server is vulnerable to the DROWN attack. The same procedure can be used on any server that runs IIS, which means SharePoint, Lync/Skype for Business, etc.

Solution


The best way to identify whether your servers have the vulnerability is to use the following site: https://test.drownattack.com (Thanks Damian!). Type in the address of your Exchange server that is published to the outside world, and you will receive information on whether that address is vulnerable or not.

If you have to disable SSL v2, the process is extremely simple on Exchange Server; however, it requires a restart of the server. Here are the required steps:

  1. Open regedit
  2. Expand HKEY_LOCAL_MACHINE
  3. Expand System
  4. Expand CurrentControlSet
  5. Expand Control
  6. Expand SecurityProviders
  7. Expand SCHANNEL
  8. Expand Protocols
  9. Expand SSL 2.0
  10. Expand Server (if there is no such entry, please create one)
  11. Create a DWORD (32-bit) value called Enabled and enter 0
  12. Restart the computer
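
The same registry change as a script, useful when several servers need it; this is an added example, not part of the original tutorial. The function names are hypothetical, and it assumes an elevated PowerShell session on the server.

```powershell
# Added example: report and disable the SSL 2.0 server protocol in SCHANNEL.
# Function names are hypothetical; the key path and value come from the steps above.

$ServerKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server'

function Get-Ssl2ServerState {
    # 'Disabled' only when the Enabled value exists and equals 0.
    # 'NotConfigured' when the key or the value is absent (steps 10 and 11 not done).
    if (-not (Test-Path -LiteralPath $ServerKey)) { return 'NotConfigured' }
    $prop = Get-ItemProperty -LiteralPath $ServerKey -Name 'Enabled' -ErrorAction SilentlyContinue
    if ($null -eq $prop) { return 'NotConfigured' }
    if ($prop.Enabled -eq 0) { return 'Disabled' }
    return 'Enabled'
}

function Disable-Ssl2Server {
    # Step 10: create the Server key (and any missing parent keys) if it is absent.
    # New-Item -Force is only called when the key does not exist, so no values are lost.
    if (-not (Test-Path -LiteralPath $ServerKey)) {
        New-Item -Path $ServerKey -Force | Out-Null
    }
    # Step 11: DWORD (32-bit) value named Enabled, set to 0.
    New-ItemProperty -LiteralPath $ServerKey -Name 'Enabled' -Value 0 `
        -PropertyType DWord -Force | Out-Null
}

$before = Get-Ssl2ServerState
Write-Output "SSL 2.0 server state before: $before"

if ($before -ne 'Disabled') {
    Disable-Ssl2Server
    Write-Output "SSL 2.0 server state after:  $(Get-Ssl2ServerState)"
    # Step 12: the procedure requires a restart before the change applies.
    Write-Output 'Restart the server to apply the change.'
}
```

Running it a second time on a fixed server only prints the current state and changes nothing.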

After that, we can go back to the initial page and check the vulnerability again; this time the results should show it as fixed.

Written by Anderson Patricio

Anderson Patricio is a Canadian Exchange Server MVP and MCSM (Solutions Master) and he contributes to the Microsoft Community with articles, tutorials, blog posts, forums and book reviews. He is a regular contributor at MSExchange.org, ITPROCentral.com and AndersonPatricio.org (Portuguese).