According to researchers at GTSC, there’s an unpatched 0-day being used in-the-wild to exploit fully patched Microsoft Exchange servers. When they found one compromised server, they made the report to Microsoft through ZDI, but upon finding multiple Exchange servers compromised, they’re sounding the alarm for everyone. It looks like it’s an attack similar to ProxyShell, in that it uses the auto-discover endpoint as a starting point. They suspect it’s a Chinese group that’s using the exploit, based on some of the indicators found in the webshell that gets installed.
There is a temporary mitigation, adding a URL-based request block on the string
.*autodiscover\.json.*\@.*Powershell.
The exact details are available in the post. If you’re running Exchange with IIS, this should probably get added to your system right now. Next, use either the automated tool, or run the PowerShell one-liner against your IIS logs to detect compromise:
Get-ChildItem -Recurse -Path <path to IIS logs> -Filter "*.log" | Select-String -Pattern 'powershell.*autodiscover\.json.*\@.*200'
This one has the potential to be another really nasty problem, and may be wormable. As of the time of writing, this is an outstanding, unpatched problem in Microsoft Exchange. Come back and finish the rest of this article after you’ve safed up your systems.
Continue reading “This Week In Security: Exchange 0-day, Doppelgangers, And Python Gets Bit In The TAR”
We always like to call out a commercial success stemming from projects that got their start on Hackaday.io, and so we’re proud to announce the release of MAKE: Calculus by Joan Horvath and Rich Cameron, a book that takes a decidedly different approach to teaching calculus than traditional courses. Geared to makers and hackers, who generally tend to have a visual style of learning, the book makes heavy use of 3D-printed models to illustrate the relationships between functions. The project started five years ago as a 2017 Hackaday Prize entry, and resulted in a talk at the 2019 Supercon. Their book is now available for preorder, and might be a great way to reacquaint yourself with calc, or perhaps even to learn it for the first time. Continue reading “Hackaday Links: July 10, 2022”
If you had the misfortune of running a Microsoft Exchange server this past week, then you don’t need me to tell you about the Y2K22 problem. To catch the rest of us up, when Exchange tried to download the first malware definitions update of 2022, the version number of the new definitions triggered a crash in the malware detection engine. The date is represented as the string 2201010001, where the first two digits represent the year. This string gets converted to a signed long integer, which maxes out at 2,147,483,647. The integer overflows, and the result is undefined behavior, crashing the engine. The server fails safe, not processing any messages without a working malware engine, which means that no e-mail gets through. Happy new year!
Continue reading “This Week In Security: Y2K22, Accidentally Blocking 911, And Bug Alert”
Microsoft’s Patch Tuesday just passed, and it’s a humdinger. To add the cherry on top, two separate BSOD-inducing issues led to Microsoft temporarily pulling the update.
Among the security vulnerabilities fixed is CVE-2021-26897, another remote code exploit in the Windows DNS server. It’s considered a low-complexity attack, but does require local network access to pull off. CVE-2021-26867 is another of the patched vulnerabilities that sounds very serious, allowing an attacker on a Hyper-V virtual machine to pierce the barrier and run code on the hypervisor. The catch here is that the vulnerability is only present when using the Plan 9 filesystem, which surely limits the scope of the problem to a small handful of machines.
The most interesting fixed flaw was CVE-2021-26411, a vulnerability that allowed remote code execution when loading a malicious web page in either IE or pre-Chromium Edge. That flaw was actively being exploited in a unique APT campaign, which we’ll cover right after the break.
Continue reading “This Week In Security: APT Targeting Researchers, And Someone Watching All The Cameras”
I can’t help but wonder how long it will be before the movie title “Dial M for Murder” becomes mysterious to most of the population. After all, who has seen a dial phone lately? Sure, there are a few retro phones, but they aren’t in widespread use. It may not be murder, but it turns out that the dial telephone has its roots in death — or at least the business of death. But to understand why that’s true, you need to go back to the early days of the telephone.
Did you ever make a tin can phone with a string when you were a kid? That dates back to at least 1667. Prior to the invention of what we think of as the telephone, these acoustic phones were actually used for specialized purposes.
We all know that [Alexander Graham Bell] made a working telephone over a wire, drawing inspiration from the telegraph system. However, there’s a lot of dispute, and many others around the same time were working on similar devices. It is probably more accurate to say that [Bell] was the first to successfully patent the telephone (in 1876, to be exact).
Continue reading “Rotary Phones And The Birth Of A Network”