More trouble for Exchange Server as zero-day exploits attacked - OnMSFT.com

On-premises Microsoft Exchange servers have taken a beating recently, and now there's a new set of attacks for Exchange Server operators to worry about. Microsoft has acknowledged the issues in a post on the Security Response Center, identifying two vulnerabilities: one a server-side request forgery (SSRF), and another that allows remote code execution via PowerShell.

These vulnerabilities are apparently being actively exploited, with signs pointing to Chinese state-sponsored hacking groups, which are known to use some of the web shells used in the attacks.

Microsoft says that Exchange Online, the company's hosted mail server solution, is not affected, but on-premises mail servers running outdated Exchange Servers could be. The blog post lists instructions for mitigations, including blocking URL rewrite actions in a default IIS website, and blocking remote access to Remote PowerShell.

The company also lists some possible detection techniques using Microsoft Sentinel, Defender for Endpoint, and Defender Antivirus.

 
