https://live.paloaltonetworks.com/t5/general-topics/ms-autodiscover-flaw-vulnerability/m-p/437148#M97396 <P>Hello All,</P><P>I would test to see if some of the URL's are already in PAN's URL or DNS filters. My opinion of vendors is that they need to update their signatures quickly to help protect their customers.</P><P>&nbsp;</P><P>You can always open a support case and see if they have already added the signatures.</P><P>Regards,</P> Tue, 28 Sep 2021 15:49:28 GMT OtakarKlier 2021-09-28T15:49:28Z https://live.paloaltonetworks.com/t5/general-topics/ms-autodiscover-flaw-vulnerability/m-p/436710#M97387 <P>Hi All,</P> <P>A design issue in the Microsoft Exchange Autodiscover feature can cause Outlook and other third-party Exchange client applications to leak plaintext Windows domain credentials to external servers</P> <P>Domains that we need to block are listed here: <A href="https://github.com/guardicore/labs_campaigns/blob/84d8423335bf72ea078b5286db647580fb7f6a58/Autodiscover/autodiscover-tlds.txt" target="_blank">https://github.com/guardicore/labs_campaigns/blob/84d8423335bf72ea078b5286db647580fb7f6a58/Autodiscover/autodiscover-tlds.txt</A></P> <P>However , this list has over 9100 domains and some are not illegal chars.</P> <P>Does any one find a way to edit/modify this list so it can be successfully imported into Palo FW?</P> <P>Any suggestions are much appreciated.</P> <P>Thanks</P> <P>QLe</P> Sun, 26 Sep 2021 23:41:24 GMT https://live.paloaltonetworks.com/t5/general-topics/ms-autodiscover-flaw-vulnerability/m-p/436710#M97387 Qui 2021-09-26T23:41:24Z https://live.paloaltonetworks.com/t5/general-topics/ms-autodiscover-flaw-vulnerability/m-p/437131#M97394 <P>If you have URL filtering on your firewall, why not create a custom URL category with an entry of: autodiscover.* with an explicit deny rule at the top of your security policy hierarchy? Way quicker than reformatting and importing an EDL.&nbsp;</P> Tue, 28 Sep 2021 13:34:56 GMT https://live.paloaltonetworks.com/t5/general-topics/ms-autodiscover-flaw-vulnerability/m-p/437131#M97394 LAYER_8 2021-09-28T13:34:56Z https://live.paloaltonetworks.com/t5/general-topics/ms-autodiscover-flaw-vulnerability/m-p/437148#M97396 <P>Hello All,</P><P>I would test to see if some of the URL's are already in PAN's URL or DNS filters. My opinion of vendors is that they need to update their signatures quickly to help protect their customers.</P><P>&nbsp;</P><P>You can always open a support case and see if they have already added the signatures.</P><P>Regards,</P> Tue, 28 Sep 2021 15:49:28 GMT https://live.paloaltonetworks.com/t5/general-topics/ms-autodiscover-flaw-vulnerability/m-p/437148#M97396 OtakarKlier 2021-09-28T15:49:28Z https://live.paloaltonetworks.com/t5/general-topics/ms-autodiscover-flaw-vulnerability/m-p/437150#M97397 <P>You are also able to log into the support portal and check our threat database for signatures associated with the CVE number.&nbsp;</P> Tue, 28 Sep 2021 16:17:12 GMT https://live.paloaltonetworks.com/t5/general-topics/ms-autodiscover-flaw-vulnerability/m-p/437150#M97397 LAYER_8 2021-09-28T16:17:12Z https://live.paloaltonetworks.com/t5/general-topics/ms-autodiscover-flaw-vulnerability/m-p/437238#M97405 <P>I previously checked the threat db for signatures associated with the CVE number but found none.</P><P>Maybe the threat is not that catastrophic.</P><P>Thanks</P><P>&nbsp;</P> Wed, 29 Sep 2021 03:58:42 GMT https://live.paloaltonetworks.com/t5/general-topics/ms-autodiscover-flaw-vulnerability/m-p/437238#M97405 Qui 2021-09-29T03:58:42Z