15 March 2021

Proof of Concept Code Makes Exchange Bugs Easy to Exploit

Unleash the script kiddies. New PoC for Microsoft Exchange bugs puts attacks in reach of anyone

The "researcher" is claiming that the code he provided has enough bugs to be a problem. Other people are not that sure.

The PoC, though, provided enough information that security researchers and threat actors could use it to develop a functional remote code execution exploit for Microsoft Exchange servers.

Soon after the PoC was published, Jang received an email from Microsoft-owned GitHub stating that the PoC was being taken down as it violated Acceptable Use Policies.

I'm not sure that it will make much difference, as the attacks are spreading.

And if you aren't sure how bad this is, try this, from Krebs: "Warning the World of a Ticking Time Bomb"

Each hacked server has been retrofitted with a “web shell” backdoor that gives the bad guys total, remote control, the ability to read all email, and easy access to the victim’s other computers.

As of last week, about 30,000 Exchange servers in the US had been hacked, including, as far as I can tell, some .gov servers and lots of big businesses.

See the previous post on this subject as well.
