Security News > 2021 > May > PoC exploit released for Microsoft Exchange bug dicovered by NSA
Technical documentation and proof-of-concept exploit code is available for a high-severity vulnerability in Microsoft Exchange Server that could let remote attackers execute code on unpatched machines.
A technical write-up is available since April 26 from security researcher Nguyen Jang, who released in the past a short-lived PoC exploit for ProxyLogon vulnerabilities.
The validity of the code has been confirmed by Will Dormann, a vulnerability analyst for CERT/CC. Dormann notes that attackers can exploit this deserialization vulnerability if they are authenticated on an on-premise Exchange Server instance that does not run Microsoft's April updates.
Between the ProxyLogon vulnerabilities exploited since the beginning of the year, months before Microsoft released a patch, and the set reported by the NSA, companies rushed to update their Exchange servers at an impressively quick rate.
Any Exchange instance where a single user has a password that has been leaked, or any organization that has a single malicious or even just compromised insider is at risk if they have not installed April's Exchange update.
Mass exploitation of an unauthenticated vulnerability leading to remote code execution should be the most powerful motivation for a company to install the latest patches for Exchange Server.
News URL
Related news
- Microsoft: Exchange 2016 reaches extended end of support in October (source)
- Microsoft: Exchange Online mistakenly tags emails as malware (source)
- New QR Code Phishing Campaign Exploits Microsoft Sway to Steal Credentials (source)
- Threat Actors Exploit Microsoft Sway to Host QR Code Phishing Campaigns (source)
- Adobe fixes Acrobat Reader zero-day with public PoC exploit (source)
- Adobe completes fix for Reader bug with known PoC exploit (CVE-2024-41869) (source)
- PoC exploit for exploited Ivanti Cloud Services Appliance flaw released (CVE-2024-8190) (source)