Copying my response to the other thread here.

Having the management interface exposed to the internet obviously isn't best practice, but if you have to keep it available you can create a local-in-policy with an allowlist of addresses that should be allowed access, and block everything else by default. This will buy you time until you have a patch window available (remember that anyone who can access the management website can abuse this exploit, regardless of where the request originates from (LAN/WAN/Other)). Do your own risk assessments of what is acceptable and what is not.

The trusted hosts option might work, but it requires that it is set on every admin account. Local-in-policy is system wide and generally more reliable.

Create an address named "MGMTAllowedAddresses", containing the addresses you want to allow access. Open the console and type the following:

If you do have any existing local-in-policies, make sure you increment "edit 1" below to a number that isn't already used. Obviously double check that the policy doesn't conflict with any existing policies.

Refer to the URL below for a more in-depth explanation.
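
A sketch of what such an allowlist can look like in the FortiOS CLI, added here as an example and not the commands from the original post. The 192.0.2.0/24 subnet, the interface name port1 and the policy IDs 1 and 2 are placeholder assumptions, and the `#` lines are annotations for the reader.

```fortios
# Address object holding the management allowlist.
# 192.0.2.0/24 is a documentation range used as a placeholder.
config firewall address
    edit "MGMTAllowedAddresses"
        set subnet 192.0.2.0 255.255.255.0
    next
end

config firewall local-in-policy
    # Use IDs that are not already taken by existing local-in-policies.
    edit 1
        # Assumed interface where the management GUI is reachable.
        set intf "port1"
        set srcaddr "MGMTAllowedAddresses"
        set dstaddr "all"
        # Predefined services match TCP/443 and TCP/80 only; if the admin GUI
        # listens on a custom port, use a custom service object instead.
        set service "HTTPS" "HTTP"
        set schedule "always"
        set action accept
        set status enable
    next
    # Explicit deny: without it, sources outside the allowlist are still
    # accepted by the interface's normal administrative access settings.
    edit 2
        set intf "any"
        set srcaddr "all"
        set dstaddr "all"
        set service "HTTPS" "HTTP"
        set schedule "always"
        set action deny
        set status enable
    next
end
```

Local-in-policies are evaluated top-down, so the accept entry has to sit above the deny entry. Keep a console or other out-of-band session open while applying it, in case the allowlist does not include the address you are connecting from.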