Microsoft Exchange ProxyNotShell Vulnerabilities
Zero-Day on Exchange Server Autodiscover actively being exploited in the wild
Critical zero-day vulnerabilities that can allow an attacker to achieve remote code execution (RCE) on Microsoft Exchange Servers. FortiGuard has added multiple protections throughout the Security Fabric to safeguard its customers from attacks exploiting these zero-day vulnerabilities.
Background
A security researcher from the Vietnamese cybersecurity firm GTSC spotted the vulnerabilities on Microsoft Exchange Server while responding to an incident. The vulnerabilities were reported three weeks earlier through the Zero Day Initiative, which tracks them as ZDI-CAN-18333 and ZDI-CAN-18802.
Threat Radar Overall Score: 4.4
CVSS Rating | 8.0
FortiRecon Score | 93/100
Known Exploited | Yes
Exploit Prediction Score | 96.62%
FortiGuard Telemetry | 24602
Latest Development
Recent news and incidents related to cybersecurity threats, encompassing events such as data breaches, cyber-attacks, security incidents and newly discovered vulnerabilities.
September 29, 2022: Security news outlets picked up the blog post from GTSC and announced active exploitation of Microsoft Exchange Server.
September 29, 2022: Multiple reports of exploitation in the wild leveraging the Microsoft Exchange Autodiscover 0-day vulnerabilities.
September 29, 2022: Microsoft Security Response Center added customer guidance on their blog: https://msrc-blog.microsoft.com/2022/09/29/customer-guidance-for-reported-zero-day-vulnerabilities-in-microsoft-exchange-server
FortiGuard Cybersecurity Framework
Mitigate security threats and vulnerabilities by leveraging the range of FortiGuard Services.
- Lure
- Decoy VM
- Vulnerability
- IPS
- Web App Security
- Web & DNS Filter
- Post-execution
- Botnet C&C
- Threat Hunting
- IOC
- Outbreak Detection
- Content Update
- Automated Response
- Assisted Response Services
- InfoSec Services
- Attack Surface Monitoring (Inside & Outside)
Lure: A deception lure diverts the attacker and its activities related to the Microsoft Exchange ProxyNotShell vulnerabilities toward a FortiDeceptor decoy.
Decoy VM: Decoys in the Microsoft Exchange segment can detect the attack and any lateral movement.
Vulnerability: Detects endpoints vulnerable to the Microsoft Exchange ProxyNotShell vulnerabilities.
IPS: Detects and blocks attack attempts related to the Microsoft Exchange ProxyNotShell vulnerabilities.
Web App Security: Detects and blocks attack attempts related to the Microsoft Exchange ProxyNotShell vulnerabilities.
Web & DNS Filter: Detects the published URL indicator (IOC) as malicious.
Post-execution: Delivers real-time visibility, analysis, protection and remediation for unknown threats and post-exploitation activity.
Botnet C&C: Detects the published C2 indicator (IOC) as malicious.
Threat Hunting
IOC: Detects IOCs in historical logs across the Security Fabric.
Outbreak Detection: Detects indicators of the Exchange ProxyNotShell incident across the Security Fabric.
Content Update
Automated Response: Services that can automatically respond to this outbreak.
FortiClient Forensics
Assisted Response Services: Experts to assist you with analysis, containment and response activities.
InfoSec Services: Security readiness and awareness training for SOC teams, InfoSec staff and general employees.
Attack Surface Monitoring (Inside & Outside): Security reconnaissance and penetration testing services covering both internal and external attack vectors, including those introduced internally via the software supply chain.
Threat Intelligence
Information gathered from analyzing ongoing cybersecurity events including threat actors, their tactics, techniques, and procedures (TTPs), indicators of compromise (IOCs), malware and related vulnerabilities.
Indicators of compromise
Mitre Matrix
References
Sources of information related to this outbreak and the affected vendor.