Microsoft Exchange Server Authenticated SSRF Vulnerability (Zero Day)

A researcher affiliated with Trend Micro’s Zero Day Initiative (ZDI) recently disclosed an authenticated Server-Side Request Forgery (SSRF) zero-day vulnerability within the Microsoft Exchange Server. At the time of writing, the vulnerability was not assigned a CVE identifier. The researcher reported that Microsoft has acknowledged the vulnerability. Microsoft does not plan to release an immediate …

Microsoft Patches 92 Vulnerabilities in March 2022 Patch Tuesday including 3 Zero-days

Microsoft has released security fixes for several vulnerabilities including patches for zero-day vulnerabilities in its March 2022 Patch Tuesday. Microsoft addresses 92 vulnerabilities in their March 2022 Patch Tuesday release. Out of these 92 vulnerabilities, three (3) are rated as critical. The release also includes fixes for three (3) publicly disclosed zero-day vulnerabilities. As of …

Microsoft Exchange Validation Key Remote Code Execution Vulnerability (CVE-2020-0688)

Summary: In the second week of February 2020, after MSPT, a static key vulnerability was observed in the Microsoft Exchange Control Panel (ECP), a component of Microsoft Exchange Server, that leads to RCE. To perform the exploit, an authenticated user with any privilege level sends a specially crafted request to a vulnerable ECP and gains SYSTEM level arbitrary …