Skip to content

Download Domain Check


In this check we validate if the Download Domain feature was configured or not. This feature was introduced to address CVE-2021-1730.

If the feature is enabled, we validate if the URL configured to download attachments, is not set to the same as the internal or external Outlook Web App (OWA) url.

CVE-2021-1730 will not be addressed if the url configured to be used by the Download Domain feature points to the same url(s) which is/are used by OWA.

The Download Domain feature is available on Microsoft Exchange Server 2016 and Microsoft Exchange Server 2019.

Included in HTML Report?


Additional resources:

How to configure the Download Domain feature (see FAQ section)

Last update: April 19, 2022