Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Microsoft Exchange Autodiscover User Credential Protocol Flaw Leak

Hi Sophos/Forumites

Had a couple of  customers ask me if we could block the following at the firewall. Will Sophos be rolling out updates to take care of this or will we have to manually try and tackle this ? Some of the URLs here I don't think will even parse in the URL List of Sophos and I think the length also makes it a no go as the XG boxes choke on long 3rd party lists I've discovered.

https://petri.com/how-to-mitigate-microsoft-exchange-autodiscover-protocol-flaw-that-leaks-user-credentials

https://github.com/guardicore/labs_campaigns/blob/master/Autodiscover/autodiscover-tlds.txt



This thread was automatically locked due to age.