by edward | Nov 21, 2023 | Exchange 2016, Exchange 2019, NMAP, NMAP Scripting Engine, NSE
Performing some tests against my lab Exchange servers, I noticed that Shodan.io revealed information. Take note that attackers also use Shodan.io when enumerating targets. After digging further with NMAP and some scripts, it became more apparent that internal...
by edward | Nov 12, 2023 | Exchange 2016, Exchange 2019
In the August 2023 Security update (SU) for Exchange Server 2016 and Exchange Server 2019, there was a work around that had to be put in place to remove the Token Cache Module in IIS to mitigate a vulnerability. Microsoft provided the script and you could apply it to...
by edward | Nov 7, 2023 | Exchange 2019, NMAP, NMAP Scripting Engine
In my blog post yesterday where I show cased that a bad actor can get the Exchange Server version with CU/SU you are running and based on that information if not patched start attacking your server. In the October 2023 Security Update for Exchange, KB5030877 for both...
by edward | Nov 6, 2023 | Exchange 2016, Exchange 2013, Exchange 2019, NMAP, NMAP Scripting Engine, NSE
Over the past few years, Microsoft Exchange Server has come under heavy attack and with each new Cumulative Update (CU) and Security Update (SU), CVE’s are addressed and closed. The problem comes in when organisations do not patch servers (as mentioned in a few...
by edward | Aug 18, 2023 | Exchange 2019
Microsoft released V2 of the August Security Update for Exchange 2019 which includes an extra step that addresses a vulnerability. In this blog post, we will cover the following: Quick overview of Exchange 2019 CU13 install Quick overview of applying the Security...
