“New 0-day vulnerabilities found in Microsoft Exchange | Huntress Our team is currently investigating new 0-day vulnerabilities in Microsoft Exchange servers that could lead to remote code execution (RCE) for an authenticated user. Our ThreatOps team discovered this blog, an…”
T1190 Exploit Public-Facing Application
99%
“-day vulnerability and remote code execution exploit. Unfortunately, this means that the latest patch and cumulative updates are not sufficient to protect Exchange servers from this threat. Currently, there are no known proof-of-concept scripts or exploitation tooling availa…”
T1505.003 Web Shell
98%
“our partners' devices. Confirmed webshell paths (credit to this blog published by the GTSC team) - c:\program files\microsoft\exchange server\v15\frontend\httpproxy\owa\auth\redirsuiteserviceproxy.aspx - c:\inetpub\wwwroot\aspnet_client\xml.ashx…”
T1190 Exploit Public-Facing Application
82%
“that this is only an attack vector for an authenticated adversary. Currently, no official patch has been released by Microsoft yet. Kevin Beaumont has pointed out that there is still a risk to Exchange Online users, as a significant number may be running a hybrid server that mig…”
Summary
The Huntress team is currently investigating new 0-day vulnerabilities in Microsoft Exchange servers, piggybacking on ProxyShell and ProxyLogon.