Image caption: The Microsoft logo is displayed outside the Microsoft Technology Center near Times Square, June 4, 2018, in New York City.

Vietnamese security firm GTSC warned of an attack campaign using a new zero-day affecting Microsoft Exchange servers that can lead to remote code execution.

GTSC's SOC team detailed the unpublished Exchange vulnerability and its temporary containment plan in a blog post on Thursday to help others stop the attack before an official patch is available from Microsoft, it explained.

The SOC first saw exploit requests for the vulnerability in IIS logs, in the same format as ProxyShell exploitation, while servicing a customer in August.

While the firm contacted the Zero Day Initiative soon after discovering the zero-day so Microsoft could prepare a patch as soon as possible, it has seen other customers falling victim to the vulnerability.

ZDI has verified the vulnerability and acknowledged two bugs that have CVSS scores of 8.8 and 6.3, GTSC wrote.

GTSC's red team determined how to use the vulnerability to access a component in Exchange's back-end and perform an RCE, but it did not release those technical details. It did, however, say the attacks it recorded used the exploit to collect information and create a foothold in victim systems.

The SOC team said it suspects the attacks come from a Chinese group because the web shell code uses a Microsoft character encoding for simplified Chinese.

"We detected webshells, mostly obfuscated, being dropped to Exchange servers."