How to Protect Against This Vulnerability

The optimal way to protect against this vulnerability is to update all Outlook software. Microsoft released a patch on March 14th, 2023, and once installed, any attempts at this attack will be ineffective.

While patching software should be a priority for all businesses, if for some reason this cannot be achieved, there are other ways to prevent this attack from being successful.

This attack uses port 445, and if no communication is possible via that port, the attack will be unsuccessful. If you require port 445 for other purposes, you should monitor all traffic over that port and block anything that goes to an external IP address.

Add all users to the Protected Users security group. Any user in this group cannot use NTLM as an authentication method. It's important to note that this may also interfere with any applications that rely on NTLM.

Request that all users disable the Show Reminders setting in Outlook. Select Add-ins from the left sidebar and choose Go next to COM Add-ins on the right pane. This may prevent NTLM credentials being accessed by the attacker. Check if Outlook connects to your mail server. If it does, head back to the COM Add-ins box and enable one add-in. Keep doing this until Outlook stops connecting to your email server.

Request that all users disable the WebClient service. It's important to note that this will prevent all WebDAV connections, including over intranet, and is therefore not necessarily a suitable option.
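The advice above to monitor port 445 and block anything going to an external IP address can be checked against firewall or flow logs. The following is an added example, not part of the original page: the log format, the internal address ranges and the function names are assumptions, and the sample records are constructed.

```python
import ipaddress

SMB_PORT = 445
# Assumed internal ranges; replace with your organisation's own address plan.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "fc00::/7", "fe80::/10", "::1/128")]

# Constructed sample records: "timestamp src_ip dst_ip dst_port action"
SAMPLE_FLOWS = """\
2023-03-15T09:01:12Z 10.0.4.21 10.0.1.5 445 allow
2023-03-15T09:01:40Z 10.0.4.21 203.0.113.77 445 allow
2023-03-15T09:02:03Z 10.0.4.33 198.51.100.9 443 allow
2023-03-15T09:02:10Z 10.0.4.33 192.168.20.8 445 allow
2023-03-15T09:03:55Z fd00::21 2001:db8::50 445 deny
malformed line
"""

def is_internal(ip):
    # Treat IPv4-mapped IPv6 (::ffff:a.b.c.d) as the IPv4 address it wraps.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return any(ip in net for net in INTERNAL_NETS)

def external_smb_flows(log_text):
    """Return (timestamp, src, dst, action) for port-445 flows leaving the internal ranges."""
    findings = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed records
        ts, src, dst, port, action = parts
        try:
            dst_ip = ipaddress.ip_address(dst)
            port_no = int(port)
        except ValueError:
            continue  # unparseable address or port
        if port_no == SMB_PORT and not is_internal(dst_ip):
            findings.append((ts, src, dst, action))
    return findings

if __name__ == "__main__":
    for ts, src, dst, action in external_smb_flows(SAMPLE_FLOWS):
        status = "NOT BLOCKED" if action == "allow" else "blocked"
        print(f"{ts} {src} -> {dst}:445 {status}")
```

Any record reported as NOT BLOCKED means the egress rule for port 445 is missing or incomplete for that source host.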