Hacker News

Sorry what now? You cannot simply block the current attacker's control addresses (they actually do give you these) or domains. First, they could be either VPN users or "residential proxies" aka legitimate people with a botnet on their PC. Second, the attacker - or anyone else who now knows it exists - can just change URLs or IPs. They can change the exploit signature so anti-virus and IDS systems can't trivially see it.

The ONLY correct solution here is to bring the servers offline until there is a patched version to upgrade to. Anything else would be a terrible idea.

_Sometimes_ there is only one config setting that's affected, or some other often lesser-used feature that can be disabled. But it highly depends on the method used.




GP meant that oftentimes exploits use a specific entry point on the public surface and blocking access to it acts as a stop-gap measure.



