[aklug] [nuga] Exchange /OWA vulnerability actively exploited

Royce Williams royce at tycho.org
Sat Mar 6 10:39:53 AKST 2021


A scan of Alaskan space reveals ~100 Exchange instances still vulnerable.

ACS:
    https://www.techsolvency.com/alaskan-networks/private/hhUTZN6ZaUS.acs

GCI:
    https://www.techsolvency.com/alaskan-networks/private/hhUTZN6ZaUS.gci

All others (includes "hits" in Alasconnect, AP&T, MTA, TelAlaska,
SnowCloud, UA space):
    https://www.techsolvency.com/alaskan-networks/private/hhUTZN6ZaUS.other

Unless reverse DNS is in place, or the server has been rebranded visually,
it's often difficult to tell what entity owns the server at that IP.

-- 
Royce


On Sat, Mar 6, 2021 at 8:35 AM Royce Williams via groups.io <royce.williams=gmail.com at groups.io> wrote:

> And here is an official Microsoft nmap script to help detect vulnerable
> instances:
>
>
> https://github.com/microsoft/CSS-Exchange/blob/main/Security/http-vuln-cve2021-26855.nse
>
>