[prev in list] [next in list] [prev in thread] [next in thread] 

List:       emerging-updates
Subject:    [Emerging-updates] Out-of-Band Ruleset Update Summary 2021/03/03
From:       James Emery-Callcott <jcallcott () emergingthreats ! net>
Date:       2021-03-03 17:54:51
Message-ID: CAMAH=ZhBf74u8sf2SA_iaRy-EK71=8ZM7aqJgwDQ5ZbkWNwpCQ () mail ! gmail ! com
[Download RAW message or body]

[***]            Summary:            [***]

  This is an OOB update to address the recent Microsoft Exchange
vulnerabilities.

  More information can be found here -
https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/

  Please feel free to reply here with any questions you may have
regarding the signatures and/or vulnerabilities in question.

[+++]          Added rules:          [+++]

Pro:

  2847418 - ETPRO EXPLOIT Microsoft Exchange - Possible RCE Inbound
(CVE-2021-26857) (exploit.rules)
  2847419 - ETPRO EXPLOIT Microsoft Exchange - Possible RCE with
WebShell Inbound M1 (CVE-2021-26857) (exploit.rules)
  2847420 - ETPRO EXPLOIT Microsoft Exchange - Possible RCE with
WebShell Inbound M1 (CVE-2021-26857) (exploit.rules)
  2847421 - ETPRO EXPLOIT Microsoft Exchange - Attempted SSRF/Stage 1
Auth Bypass Verification (CVE-2021-26855) (exploit.rules)
  2847422 - ETPRO EXPLOIT Microsoft Exchange - Pre-Auth SSRF Recon
Inbound (CVE-2021-26855) (exploit.rules)
  2847423 - ETPRO EXPLOIT Microsoft Exchange - Attempted ECP Privilege
Escalation (CVE-2021-26855) (exploit.rules)



James Emery-Callcott
Security Researcher | ProofPoint Inc | Emerging Threats Team
_______________________________________________
Emerging-updates mailing list
Emerging-updates@lists.emergingthreats.net
https://lists.emergingthreats.net/mailman/listinfo/emerging-updates

[prev in list] [next in list] [prev in thread] [next in thread]