Insights into Ransomware Spread Using Exchange 1-Day Vulnerabilities 1-2
September 26, 2021
Event Overview Recently, NSFOCUS CERT discovered a slew of security incidents that exploited security vulnerabilities (ProxyShell) in Microsoft Exchange. Also, NSFOCUS found that the new LockFile ransomware group LockFile took advantage of these ProxyShell and PetitPotam vulnerabilities to target enterprise domain environments, finally encrypting quite a few hosts from enterprises for ransom. In April, a […]
Microsoft Exchange Server Arbitrary User Impersonation Vulnerability Handling Guide
January 10, 2019
1 Vulnerability Overview
Recently, a security researcher released details of an arbitrary user impersonation vulnerability (CVE-2018-8581) in Microsoft Exchange Server (also known as Exchange Web Server, EWS for short), revealing that an authenticated attacker could exploit this vulnerability to impersonate arbitrary accounts or even gain privileges of the target user. Currently, the vulnerability’s proof of concept (PoC) has been made publicly available. However, Microsoft has not released any security patches to address it, but provided a workaround in its official security advisory. Users of this software are advised to take precautions as soon as possible. (more…)
