Security News > 2023 > November > New Microsoft Exchange zero-days allow RCE, data theft attacks
2023-11-03 15:14
Microsoft Exchange is impacted by four zero-day vulnerabilities that attackers can exploit remotely to execute arbitrary code or disclose sensitive information on affected installations.
ZDI-23-1578 - A remote code execution flaw in the 'ChainedSerializationBinder' class, where user data isn't adequately validated, allowing attackers to deserialize untrusted data.
Attackers can exploit it to access sensitive information from Exchange servers.
Millions of Exim mail servers exposed to zero-day RCE attacks.
3,000 Apache ActiveMQ servers vulnerable to RCE attacks exposed online.
HelloKitty ransomware now exploiting Apache ActiveMQ flaw in attacks.
News URL
Related news
- SonicWall warns of SMA1000 RCE flaw exploited in zero-day attacks (source)
- Critical RCE bug in Microsoft Outlook now exploited in attacks (source)
- Microsoft fixes Power Pages zero-day bug exploited in attacks (source)
- Ivanti warns of new Connect Secure flaw used in zero-day attacks (source)
- Ivanti zero-day attacks infected devices with custom malware (source)
- Hackers exploit critical Aviatrix Controller RCE flaw in attacks (source)
- Fortinet Warns of New Zero-Day Used in Attacks on Firewalls with Exposed Interfaces (source)
- Hackers use FastHTTP in new high-speed Microsoft 365 password attacks (source)
- Microsoft January 2025 Patch Tuesday fixes 8 zero-days, 159 flaws (source)
- Microsoft fixes actively exploited Windows Hyper-V zero-day flaws (source)