Microsoft Exchange Server Exploit Code Posted to GitHub

  /     /     /  
Publicated : 23/11/2024   Category : security


Microsoft Exchange Server Exploit Code Posted to GitHub


The proof-of-concept tool, which contained exploits for two Exchange Server vulnerabilities, was quickly removed from GitHub.



Exploit code for two Microsoft Exchange Server vulnerabilities under attack was published to GitHub earlier today. The Microsoft-owned platform quickly took down the proof-of-concept (PoC). 
The PoC combines CVE-2021-26855 and CVE-202127065, two of the four Exchange Server zero-days that
attackers are using
to break into Exchange Servers and deploy Web shells to steal data from target businesses. Since the flaws were patched on March 2, attacks
have rapidly increased
. At least 10 advanced persistent threat groups have started to weaponize these vulnerabilities to target servers. 
This marks the first fully functional exploit code to appear for the vulnerabilities, according to a new report from The Record, which notes that the PoC was published to GitHub by a Vietnamese security researcher. Other security researchers have confirmed it works, albeit with some adjustments. 
GitHub removed the code hours after its publication. In a statement to
Vice
, a spokesperson said the PoC code was removed because the vulnerability it exploits is under active attack. 
Read the
full report
for more details.

Last News

▸ Some DLP Products Vulnerable to Security Holes ◂
Discovered: 23/12/2024
Category: security

▸ Scan suggests Heartbleed patches may not have been successful. ◂
Discovered: 23/12/2024
Category: security

▸ IoT Devices on Average Have 25 Vulnerabilities ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Microsoft Exchange Server Exploit Code Posted to GitHub