Drown attack and Exchange Server

Share this:

In this Tutorial we are going to check if an Exchange Server is vulnerable to the Drown attack, the same procedure can be used on any server that runs IIS, which means SharePoint, Lync/Skype for Business and etc.

Solution


The best way to identify if your servers have the vulnerability is using the following site: https://test.drownattack.com (Thanks Damian!) and type in your exchange server that is published to the outside world and you will receive information if that address is vulnerable or not.

image

 

If you have to disable SSL v2, the process is extremely simple on Exchange Server however it requires a restart of the server. Here are the required steps:

  1. Open regedit
  2. Expand HKEY_LOCAL_MACHINE
  3. Expand System
  4. Expand CurrentControlSet
  5. Expand Control
  6. Expand SecurityProviders
  7. Expand SCHANNEL
  8. Expand Protocols
  9. Expand SSL 2.0
  10. Expand Server (if there is no such entry, please one)
  11. Create a DWORD (32 bits) called Enabled and enter 0
  12. Restart the computer

image

After that we can use the initial page and check the vulnerability, and the results at this time should be appears fixed.

image

Written by Anderson Patricio

Anderson Patricio

Anderson Patricio is a Canadian MVP in Cloud and Datacenter Management, and Office Server and Services, besides the Microsoft Award he also holds a Solutions Master (MCSM) in Exchange and several other certifications. Anderson has been contributing to the Microsoft Community with articles, tutorials, blog posts, twitter, forums and book reviews. He is a regular contributor here at ITPROCentral.com, MSExchange.org, Techgenix.com and Anderson Patricio.org (Portuguese).

Related Post

How to disable all accounts from an Organization U... In some cases, the administrator must disable all accounts from a specific Organization Unit. We can approach this task from either Active Directory U...
How to Enable/Disable Malware feature in Exchange ... In this Tutorial we are going over the process do enable and disable malware feature in Exchange Server 2013. We can manage malware features during th...
How to.. Simplify Outlook Web App access using Exc... In Today’s post we are going over the process to simplify Outlook Web App (OWA) access to our end-users. Exchange Server 2013 by default already perf...