– archyde news –
On-premises Microsoft Exchange servers have recently taken a beating, and Exchange Server operators now have to worry about a new set of attacks. Microsoft acknowledged the issues in a post on the Security Response Center identifying two vulnerabilities: one server-side request forgery and another that allows remote code execution via PowerShell.
These vulnerabilities are apparently being exploited in the wild, with signs pointing to Chinese state-sponsored hacking groups known to use some of the web shells seen in the attacks.
Microsoft says Exchange Online, the company’s hosted mail server solution, is not affected, but on-premises servers running outdated Exchange builds might be. The blog post lists instructions for mitigations, including blocking URL rewrite actions on the default IIS website and blocking remote access to Remote PowerShell.
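As an added illustration of the second mitigation (this is not code from the article or from Microsoft's post), the following Exchange Management Shell script turns off Remote PowerShell for mailbox users who are not members of the Exchange admin role groups. The role-group names and the `-WhatIf` dry run are assumptions; the cmdlets `Get-RoleGroupMember`, `Get-User` and `Set-User -RemotePowerShellEnabled` are standard on-premises Exchange cmdlets.

```powershell
# Added example: disable Remote PowerShell for non-admin mailbox users.
# Run from the Exchange Management Shell on the on-premises server.
# Assumption: admins live in these three built-in role groups; adjust to taste.
$adminGroups = 'Organization Management', 'Server Management', 'Recipient Management'

# Collect the distinguished names of every member of those groups.
$admins = foreach ($g in $adminGroups) {
    Get-RoleGroupMember -Identity $g -ResultSize Unlimited |
        Select-Object -ExpandProperty DistinguishedName
}
$admins = @($admins | Sort-Object -Unique)

# Every mailbox user that still has Remote PowerShell enabled and is not an admin.
$targets = Get-User -ResultSize Unlimited |
    Where-Object {
        $_.RemotePowerShellEnabled -and
        $_.RecipientTypeDetails -eq 'UserMailbox' -and
        ($admins -notcontains $_.DistinguishedName)
    }

Write-Output ("Admins kept: {0}; users to disable: {1}" -f $admins.Count, @($targets).Count)

foreach ($u in $targets) {
    # -WhatIf prints the intended change without applying it; remove it to enforce.
    Set-User -Identity $u.DistinguishedName -RemotePowerShellEnabled $false -WhatIf
}
```

Review the printed list before removing `-WhatIf`, since any account that legitimately needs Remote PowerShell (service accounts, automation) must be excluded.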
The company also lists some possible detection techniques using Microsoft Sentinel, Defender for Endpoint, and Defender Antivirus.