How to hack an unpatched Exchange server with rogue PowerShell code
Credit to Author: Paul Ducklin| Date: Tue, 22 Nov 2022 17:54:04 +0000
Review your servers, your patches and your authentication policies – there’s a proof-of-concept out
Read moreCredit to Author: Paul Ducklin| Date: Tue, 22 Nov 2022 17:54:04 +0000
Review your servers, your patches and your authentication policies – there’s a proof-of-concept out
Read moreCategories: Exploits and vulnerabilities Categories: News Tags: Microsoft Tags: Apple Tags: Google Tags: Android Tags: Samsung Tags: Xiaomi Tags: Adobe Tags: SAP Tags: VMWare Tags: Fortinet Tags: CVE-2022-41033 Tags: CVE-2022-41040 Tags: zero-day No fix for ProxyNotShell |
The post Update now! October patch Tuesday fixes actively used zero-day…but not the one you expected appeared first on Malwarebytes Labs.
Read moreCategories: Exploits and vulnerabilities Categories: News Tags: Exchange Tags: ProxyShell Tags: remote PowerShell Tags: web shell Tags: CVE-2022-41040 Tags: CVE-2022-41082 Tags: SSRF Tags: RCE Two ProxyShell-like vulnerabilities are being used to exploit Microsoft Exchange Servers |
The post [updated]Two new Exchange Server zero-days in the wild appeared first on Malwarebytes Labs.
Read moreCredit to Author: Paul Ducklin| Date: Sat, 01 Oct 2022 14:05:59 +0000
Who’s affected, what you can do while waiting for Microsoft’s patches, and how to plan your threat hunting…
Read moreCategories: Exploits and vulnerabilities Categories: News Tags: Exchange Tags: ProxyShell Tags: remote PowerShell Tags: web shell Tags: CVE-2022-41040 Tags: CVE-2022-41082 Tags: SSRF Tags: RCE Two ProxyShell-like vulnerabilities are being used to exploit Microsoft Exchange Servers |
The post Two new Exchange Server zero-days in the wild appeared first on Malwarebytes Labs.
Read moreCredit to Author: BrianKrebs| Date: Fri, 30 Sep 2022 16:51:57 +0000
Microsoft Corp. is investigating reports that attackers are exploiting two previously unknown vulnerabilities in Exchange Server, a technology many organizations rely on to send and receive email. Microsoft says it is expediting work on software patches to plug the security holes. In the meantime, it is urging a subset of Exchange customers to enable a setting that could help mitigate ongoing attacks.
Read moreCredit to Author: Paul Ducklin| Date: Fri, 30 Sep 2022 13:25:11 +0000
Double-play 0-day in Exchange – what you need to know, and what you can do
Read more