Microsoft Exchange Server Remote Code Execution Vulnerability
| Vulnerable Product |
|---|
| microsoft exchange server 2013 |
| microsoft exchange server 2016 |
| microsoft exchange server 2019 |

Play Ransomware Group Using New Custom Data-Gathering Tools
Posted: 19 Apr, 2023
Tools allow attackers to harvest data typically locked by the operating system.
The Play ransomware group is using two new, custom-developed tools that allow it to enumerate all users and computers on a compromised network, and copy files from the Volume Shadow Copy Service (VSS) that are normally locked by the operati...
Summary
At the end of September, GTSC reported an attack on critical infrastructure that took place in August. During the investigation, experts found that two 0-day vulnerabilities in Microsoft Exchange Server were used in the attack. The first one, later identified as CVE-2022-41040, is a server-side request forgery (SSRF) vulnerability that allows an authenticated attacker to remotely trigger the next vulnerability – CVE-2022-41082. The second vulnerability, in turn, allows remote code exec...
IT threat evolution in Q3 2022
IT threat evolution in Q3 2022. Non-mobile statistics
IT threat evolution in Q3 2022. Mobile statistics
These statistics are based on detection verdicts of Kaspersky products and services received from users who consented to providing statistical data.
Quarterly figures
According to Kaspersky Security Network, in Q3 2022: Kaspersky solutions blocked 956,074,958 attacks from online resources across the globe. Web Anti-Virus recognized 251,288,987...
Play gang blamed, ProxyNotShell cleared and hosted Exchange doomed
Rackspace has confirmed the Play ransomware gang was behind last month's hacking and said it won't bring back its hosted Microsoft Exchange email service, as it continues working to recover customers' email data lost in the December 2 ransomware attack. Rackspace said "more than half" of its customers who lost their hosted email service last month now have "some or all of their data available to them for download," in its latest and final status update, posted today. But customers aren't exactly...
Some days, security just feels like a total illusion. OK, most days...
A recently disclosed critical vulnerability in Atlassian's Bitbucket is actively being exploited, according to the US government. The Cybersecurity and Infrastructure Security Agency (CISA) late on Friday placed the flaw – tracked as CVE-2022-36804 – on its catalog of Known Exploited Vulnerabilities (KEV), effectively a must-patch list. GreyNoise, a company that tracks and analyzes internet traffic, said it found evidence the security hole was being exploited in the wild. CISA put the vulner...
Downfall processor leaks, Teams holes, VPN clients at risk, and more
Patch Tuesday Microsoft's August patch party seems almost boring compared to the other security fires it's been putting out lately. Of the almost 90 flaws addressed today, two are listed as being under active exploitation. Redmond deemed six of the August CVE-tagged bugs as critical, though we note there are 26 vulnerabilities that can lead to remote code execution (RCE). One of the two that miscreants have already found and exploited doesn't yet have a patch. The advisory for that flaw, ADV2300...
ProxyNotShell vulnerability could be how UK body got pwned, suggests infosec expert
The hacking of the UK’s Electoral Commission was potentially facilitated by the exploitation of a vulnerability in Microsoft Exchange, according to a security expert. Earlier this week, the election oversight body disclosed that its systems had been broken into, and the attackers had access to the servers that host the organization's email, as well as copies of the electoral registers for the entire UK. It appears the Electoral Commission was running Microsoft Exchange Server with Outlook Web ...
And for bonus points, there's a Windows flaw under active exploit
Patch Tuesday Microsoft fixed more than 80 security flaws in its products for October's Patch Tuesday. But let's start off with what Redmond didn't fix: two Exchange Server bugs dubbed ProxyNotShell that have been exploited by snoops as far back as August. CVE-2022-41040 is a server-side request forgery vulnerability while CVE-2022-41082 is a remote code execution (RCE) bug. Both can be exploited together to run PowerShell commands on a vulnerable system and take control of it. Vietnamese cybers...