If you’ve already dealt with ProxyLogon (for which we launched a dedicated scanner in March), know these security weaknesses have a similar operation model. All they have to do is to do thorough recon and send specially crafted requests to their target to get RCE. Our team built a detection module that identifies Exchange servers vulnerable to the combination of pre-auth and post-auth vulnerabilities the NSA disclosed:īad actors love these because the first two vulns don’t even require authenticating to the exposed Exchange Server. No solid PoC exploit scripts surfaced either, so we took matters into our own hands. Since these CVEs were published (April 13, 2021), we’ve been looking for a detailed technical advisory – but it never came. That means you can probe systems by connecting to the target through the network, without local access or credentials. Ours is the second scanning tool of its kind in the world that can identify vulnerable servers remotely. It checks if your Exchange servers are vulnerable to the attack chain that exploits four recent CVEs and results in Remote Code Execution. We just added a new detection module to our Network Vulnerability Scanner. If you didn’t catch the NSA boilerplate announcement, there’s another batch of vulnerabilities to scan for – and we built what you need. Running on-prem Microsoft Exchange servers?
0 Comments
Leave a Reply. |