Security News > 2021 > May > PoC exploit released for Microsoft Exchange bug dicovered by NSA
Technical documentation and proof-of-concept exploit code is available for a high-severity vulnerability in Microsoft Exchange Server that could let remote attackers execute code on unpatched machines.
A technical write-up is available since April 26 from security researcher Nguyen Jang, who released in the past a short-lived PoC exploit for ProxyLogon vulnerabilities.
The validity of the code has been confirmed by Will Dormann, a vulnerability analyst for CERT/CC. Dormann notes that attackers can exploit this deserialization vulnerability if they are authenticated on an on-premise Exchange Server instance that does not run Microsoft's April updates.
Between the ProxyLogon vulnerabilities exploited since the beginning of the year, months before Microsoft released a patch, and the set reported by the NSA, companies rushed to update their Exchange servers at an impressively quick rate.
Any Exchange instance where a single user has a password that has been leaked, or any organization that has a single malicious or even just compromised insider is at risk if they have not installed April's Exchange update.
Mass exploitation of an unauthenticated vulnerability leading to remote code execution should be the most powerful motivation for a company to install the latest patches for Exchange Server.
News URL
Related news
- VEILDrive Attack Exploits Microsoft Services to Evade Detection and Distribute Malware (source)
- Microsoft Exchange adds warning to emails abusing spoofing flaw (source)
- Microsoft pulls Exchange security updates over mail delivery issues (source)
- Microsoft 365 outage impacts Exchange Online, Teams, Sharepoint (source)
- Microsoft re-releases Exchange updates after fixing mail delivery (source)
- PoC exploit for critical WhatsUp Gold RCE vulnerability released (CVE-2024-8785) (source)
- Mitel MiCollab zero-day and PoC exploit unveiled (source)
- PoC exploit chains Mitel MiCollab 0-day, auth-bypass bug to access sensitive files (source)
- 390,000+ WordPress Credentials Stolen via Malicious GitHub Repository Hosting PoC Exploits (source)
- Attackers Exploit Microsoft Teams and AnyDesk to Deploy DarkGate Malware (source)