Security researcher at GTSC It now warns of new critical day zero vulnerabilities being discovered in Microsoft Exchange.
GTSC reported everything to Microsoft but at the moment there is no patch. So details of dagnoll vulnerabilities are scarce for security reasons, but they should have CVSS ratings of 8.8 and 6.3 out of 10.
It is suspected that a Chinese attack group has already started exploiting the vulnerabilities to remotely execute code, gain access to systems and carry out data theft.
GTSC suspects the group is Chinese because it uses the Chinese Web chopper shell, where the code is written in Simplified Chinese. So far, the attacks have claimed more than one victim.
According to GTSC, adding a new IIS server rule using the URL Review Rule module and doing the following can temporarily reduce the risk of an attack:
– In Autodiscover at FrontEnd, select the Rewrite URL tab, and select Request Blocking
– add string. * Autodiscover \ .json. * \ @. * Powershell. *to the URL path:
– condition entry: select {REQUEST_URI}”
GTSC’s recommendation is that organizations using Microsoft Exchange Server themselves examine, review, and implement the above security measures as quickly as possible.
Read also: Many new malicious websites hit the internet every month
More Stories
EA President Talks New Dragon Age: 'A Return to What Made Bioware Great'
She thought she had bought a phone – she was shocked by its contents
Rumor: Lots of AI in Google's Pixel 10 and 11 cameras