18 min
Zero-Day
Defending Against the Zero Day: Analyzing Attacker Behavior Post-Exploitation of Microsoft Exchange
In recent weeks, there has been quite a lot of reporting on the exploitation of the latest disclosed vulnerabilities in Microsoft’s Exchange Server by an attacker referred to as HAFNIUM.
5 min
Windows
Are You Still Running End-of-Life Windows Servers?
Windows Server 2008 and 2008 R2 reached their end of life (EOL) on Jan. 14, 2020, but what does that mean in practice?
5 min
Research
Microsoft Exchange 2010 End of Support and Overall Patching Study
Today's topic is Exchange 2010, which reaches end of support (EoS) on Oct. 13, 2020, as well as a survey of other versions of Exchange and how well they are being kept up to date.
7 min
Microsoft
Phishing for SYSTEM on Microsoft Exchange (CVE-2020-0688)
As of March 24, there were over 350,000 Microsoft Exchange servers exposing a version of the software with a vulnerability.
2 min
Vulnerability Management
Active Exploitation of Unpatched Windows Font Parsing Vulnerability
Rapid7 analysis and customer guidance for a pair of unpatched font parsing vulnerabilities in multiple versions of Microsoft Windows (ADV200006).
3 min
Risk Management
CVE-2020-0796: Microsoft SMBv3 Remote Code Execution Vulnerability Analysis
Rapid7 analysis and exposure data on CVE-2020-0796, a critical remote code execution vulnerability in Microsoft's SMBv3 protocol.
2 min
Vulnerability Management
August 2019 Microsoft Remote Desktop Services (RDP) Patches: What You Need to Know
A new set of vulnerabilities in RDP impact every modern version of Windows. Here's what you need to know.
8 min
Windows
PowerShell: How to Defend Against Malicious PowerShell Attacks
By implementing basic controls, you can keep your data safe from potential PowerShell attacks and better detect malicious behavior trying to circumvent said controls.
4 min
Microsoft
Petya-like Ransomware Explained
TL;DR summary (7:40 PM EDT June 28): A major ransomware attack started in Ukraine yesterday and has spread around the world. The ransomware, which was initially thought to be a modified Petya variant, encrypts files on infected machines and uses multiple mechanisms to both gain entry to target networks and to spread laterally. Several research teams are reporting that once victims' disks are encrypted, they cannot be decrypted [https://securelist.com/expetrpetyanotpetya-is-a-wiper-not-ransomware
4 min
Microsoft
Announcing Microsoft Azure Asset Discovery in InsightVM
Almost every security or IT practitioner is familiar with the ascent and continued dominance [https://techcrunch.com/2017/02/02/aws-still-owns-the-cloud/] of Amazon Web Services (AWS). But you only need to peel back a layer or two to find Microsoft Azure growing its own market share [https://seekingalpha.com/article/4053217-microsoft-azure-growing-presence-cloud] and establishing its position as the most-used, most-likely-to-renew [https://www.forbes.com/sites/louiscolumbus/2017/05/28/how-aws-
2 min
Microsoft
Patch Tuesday - June 2017
This month sees another spate of critical fixes [https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/40969d56-1b2a-e711-80db-000d3a32fc99] from Microsoft, including patches for a number of Remote Code Execution (RCE) vulnerabilities. Two of these are already known to be exploited in the wild (CVE-2017-8543 [https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8543] and CVE-2017-8464 [https://portal.msrc.microsoft.com/en-US/security-guidance/advis
2 min
Microsoft
Patch Tuesday - May 2017
It's a relatively light month as far as Patch Tuesdays go, with Microsoft issuing fixes for a total of seven vulnerabilities as part of their standard update program. However, an eighth, highly critical vulnerability (CVE-2017-0290 [https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0290]) that had some of the security community buzzing over the weekend was also addressed [https://technet.microsoft.com/en-us/library/security/4022344] late Monday evening. A flaw in the
5 min
Microsoft
Actionable Vulnerability Remediation Projects in InsightVM
Security practitioners and the remediating teams they collaborate with are increasingly asked to do more with less. They simply cannot remediate everything; it has never been more important to prioritize and drive remediations from start to finish.
The Remediation Workflow capability in InsightVM [https://www.rapid7.com/products/insightvm/] was designed to drive more effective remediation efforts by allowing users to project manage efforts both large and small. Remediation Workflow is designed
1 min
Microsoft
Patch Tuesday - April 2017
This month's updates deliver vital client-side fixes, resolving publicly disclosed remote code execution (RCE) vulnerabilities for Internet Explorer and Microsoft Office that attackers are already exploiting in the wild. In particular, they've patched the CVE-2017-0199 [https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0199] zero-day flaw in Office and WordPad, which could allow an attacker to run arbitrary code on a victim's system if they are able to successfully soc
1 min
Microsoft
Cisco Enable / Privileged Exec Support
In Nexpose [https://www.rapid7.com/products/nexpose/] version 6.4.28, we are adding support for privileged elevation on Cisco devices through the enable command for those that are running SSH version 2.
A fully privileged policy scan provides more accurate information on the target's compliance status, and the ability to do so through the enable password, while keeping the actual user privilege low, adds an additional layer of security for your devices. This allows our users to run fully privileged po