ProxyShell
ProxyShell or ProxyNotShell? Let’s Set The Record Straight
Before diving into ProxyNotShell, we will start by giving some context regarding the original ProxyShell vulnerabilities. On BlackHat USA 2021, Orange Tsai (a 0-day researcher focusing on web/application security) revealed the three ...
Two New Exchange Zero-Days Raise Questions About Microsoft Security
Microsoft finally issued CVEs—CVE-2022–41040 and CVE-2022–41082—for two new zero-day vulnerabilities in Exchange, ending a few days of speculation that the duo were, in fact, ProxyShell flaws uncovered in 2021. “I am calling ...
Microsoft’s Failure to Prioritize Security Puts Everyone at Risk
It has been a very busy year when it comes to Microsoft zero-day attacks. According to KrebsOnSecurity, May is the only month in 2021 that Microsoft didn’t release a patch to defend ...