CVE-2021-26855 (SSRF) HAFNIUM APT Group Exploiting Microsoft Exchange Vulnerabilities

Recently, Microsoft has issued an out of band patch that aims to mitigate seven Remote Code Execution vulnerabilities in Microsoft Exchange. Microsoft Threat Intelligence Center (MSTIC) has observed ...
Published Mar 04, 2021
Version 1.0
ASM Advanced WAF
HAFNIUM
microsoft exchange
NGINX WAF
security
xaxe's avatar
xaxe
Icon for Altostratus rankAltostratus
Mar 10, 2021

Hi,

 

We're running Exchange (OWA) behind an F5 using the Exchange 2016 IAPP which presents the F5 forms based logon before even displaying the Exchange/OWA logon screen.

 

We are scrambling to patch the server, however are we protected by us being behind the IAPP/F5?