March 28, 2024

Researchers discover two zero-day errors in Microsoft Exchange

Researchers discover two zero-day errors in Microsoft Exchange

Vietnamese security researchers GTSC Cyber ​​Security Company I discovered two actively exploited vulnerabilities in Microsoft Exchange. The two zero-day errors allow remote code to be run on the target system, like “computer is bleedingThis is how attackers can open backdoors into the system and steal data.

There is currently no patch from Microsoft – it’s not clear when one will appear.

However, GTSC researchers have published an alternative solution to secure their infrastructure, such as “hotAccordingly, administrators should create a rule blocking the request with the content . * Autodiscover \ .json. * \ @. * Powershell. * In the URL path – “{REQUEST_URI}” must be defined as the condition entry.

Administrators can use the following PowerShell command to check if servers have already been compromised:

Get-ChildItem -Recurse -Path -Filter “*.log” | Select-String -Pattern ‘powershell. * autodiscover \ .json. * \ @. * 200’

Researchers reported the vulnerability to Microsoft three weeks ago via the Zero Day initiative, Bleepingcomputer wrote. Microsoft has not yet released any information about the two vulnerabilities and has not yet set a CVE ID to track them. Both vulnerabilities received a CVSS score of 8.8 and 6.3 – thus the risk is classified as ‘high’.

Microsoft released patches for two zero-day security vulnerabilities in Windows in the middle of the month. Read more about this here.

If you want to read more about cybercrime and cyber security, Subscribe to the Swisscybersecurity.net newsletter here. On the portal you can read daily news about current threats and new defense strategies.

See also  Next Qualcomm Snapdragon with AV1 Video Codec Support