fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

PoC Exploit Released For Microsoft Exchange Bug Discovered By NSA

https://open.spotify.com/show/3Gmj15x6cGrgJEzmGnDTTj

PoC Exploit Released For Microsoft Exchange Bug Discovered By NSA

Technical documentation and proof-of-concept exploit (PoC) code is available for a high-severity vulnerability in Microsoft Exchange Server that could let remote attackers execute code on unpatched machines.

The flaw is for one of the four that the National Security Agency (NSA) reported to Microsoft and received a fix in April.

Despite being the least severe of the bunch and requiring authentication, the risk that CVE-2021-28482 poses to companies is not to be neglected.

Valid PoC exploit code

A technical write-up is available since April 26 from security researcher Nguyen Jang, who released in the past a short-lived PoC exploit for ProxyLogon vulnerabilities.

Jang’s blog post, while in Vietnamese, should pose no challenge in understanding the technical details to achieve remote code execution in an authenticated Exchange Server environment.

Yesterday, the researcher also published on GitHub demo exploit for CVE-2021-28482 written in Python. The validity of the code has been confirmed by Will Dormann, a vulnerability analyst for CERT/CC.

Also Read: Practitioner Certificate In Personal Data Protection: Everything You Need To Know

CVE-2021-28482 exploit code test
source: Will Dormann

Dormann notes that attackers can exploit this deserialization vulnerability if they are authenticated on an on-premise Exchange Server instance that does not run Microsoft’s April updates.

Between the ProxyLogon vulnerabilities exploited since the beginning of the year, months before Microsoft released a patch, and the set reported by the NSA, companies rushed to update their Exchange servers at an impressively quick rate.

The high patch rate and the need for authentication lower the risk of compromise but do not eliminate it, though.

“But if anybody STILL doesn’t have April’s Exchange patches installed, if you can imagine an AUTHENTICATED attacker is a possibility, then assume CVE-2021-28482 was used” – Will Dormann

The vulnerability analyst told BleepingComputer that even if this bug is not as serious as ProxyLogon, since it does not allow en-masse scanning or exploitation, a real-life scenario for leveraging it exists:

But, any Exchange instance where a single user has a password that has been leaked, or any organization that has a single malicious or even just compromised insider is at risk if they have not installed April’s Exchange update.

Mass exploitation of an unauthenticated vulnerability leading to remote code execution should be the most powerful motivation for a company to install the latest patches for Exchange Server.

Also Read: The DNC Singapore: Looking At 2 Sides Better

Dormann said that anyone running on-premise machines without Microsoft’s April updates “is in trouble,” more so if the server is exposed to the public internet.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us