18 min
Zero-Day
Defending Against the Zero Day: Analyzing Attacker Behavior Post-Exploitation of Microsoft Exchange
In recent weeks, there has been quite a lot of reporting on the exploitation of the latest disclosed vulnerabilities in Microsoft’s Exchange Server by an attacker referred to as HAFNIUM.
5 min
Windows
Are You Still Running End-of-Life Windows Servers?
Windows Server 2008 and 2008 R2 reached their end of life (EOL) on Jan. 14, 2020, but what does that mean in practice?
5 min
Research
Microsoft Exchange 2010 End of Support and Overall Patching Study
Today's topic is Exchange 2010, which reaches end of support (EoS) on Oct. 13, 2020, as well as a survey of other versions of Exchange and how well they are being kept up-to-date.
3 min
tCell
Rapid7 tCell now supports Microsoft Agents on 32-Bit
We’re excited to share that over the past few weeks, we’ve released support for 32-bit applications for our .NET, .NET Core, and IIS agents.
7 min
Microsoft
Phishing for SYSTEM on Microsoft Exchange (CVE-2020-0688)
As of March 24, there were over 350,000 Microsoft Exchange servers exposing a version of the software with a vulnerability.
2 min
Vulnerability Management
Active Exploitation of Unpatched Windows Font Parsing Vulnerability
Rapid7 analysis and customer guidance for a pair of unpatched font parsing vulnerabilities in multiple versions of Microsoft Windows (ADV200006).
3 min
Risk Management
CVE-2020-0796: Microsoft SMBv3 Remote Code Execution Vulnerability Analysis
Rapid7 analysis and exposure data on CVE-2020-0796, a critical remote code execution vulnerability in Microsoft's SMBv3 protocol.
5 min
Incident Detection
How Attackers Can Harvest Users’ Microsoft 365 Credentials with New Phishing Campaign
In this blog post, Rapid7's MDR services team outlines a unique phishing campaign that utilizes a novel method of scraping organizations’ branded Microsoft 365 tenant login pages to produce highly convincing credential harvesting pages.
2 min
Vulnerability Management
August 2019 Microsoft Remote Desktop Services (RDP) Patches: What You Need to Know
A new set of vulnerabilities in RDP impact every modern version of Windows. Here's what you need to know.
8 min
Windows
The PowerShell Boogeyman: How to Defend Against Malicious PowerShell Attacks
By implementing basic controls, you can keep your data safe from potential PowerShell attacks and better detect malicious behavior trying to circumvent said controls.
4 min
Microsoft
Petya-like Ransomware Explained
TL;DR summary (7:40 PM EDT June 28): A major ransomware attack started in
Ukraine yesterday and has spread around the world. The ransomware, which was
initially thought to be a modified Petya variant, encrypts files on infected
machines and uses multiple mechanisms to both gain entry to target networks and
to spread laterally. Several research teams are reporting that once victims'
disks are encrypted, they cannot be decrypted
[https://securelist.com/expetrpetyanotpetya-is-a-wiper-not-ransomware
4 min
Cloud Infrastructure
Announcing Microsoft Azure Asset Discovery in InsightVM
Almost every security or IT practitioner is familiar with the ascent and
continued dominance
[https://techcrunch.com/2017/02/02/aws-still-owns-the-cloud/] of Amazon Web
Services (AWS). But you only need to peel back a layer or two to find Microsoft
Azure growing its own market share
[https://seekingalpha.com/article/4053217-microsoft-azure-growing-presence-cloud]
and establishing its position as the most-used, most-likely-to-renew
[https://www.forbes.com/sites/louiscolumbus/2017/05/28/how-aws-
2 min
Microsoft
Patch Tuesday - June 2017
This month sees another spate of critical fixes
[https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/40969d56-1b2a-e711-80db-000d3a32fc99]
from Microsoft, including patches for a number of Remote Code Execution (RCE)
vulnerabilities. Two of these are already known to be exploited in the wild (
CVE-2017-8543
[https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8543]
and CVE-2017-8464
[https://portal.msrc.microsoft.com/en-US/security-guidance/advis
2 min
Microsoft
Patch Tuesday - May 2017
It's a relatively light month as far as Patch Tuesdays go, with Microsoft
issuing fixes for a total of seven vulnerabilities as part of their standard
update program. However, an eighth, highly critical vulnerability (CVE-2017-0290
[https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0290]
) that had some of the security community buzzing over the weekend was also
addressed [https://technet.microsoft.com/en-us/library/security/4022344] late
Monday evening. A flaw in the
4 min
Microsoft
Simple Vulnerability Remediation Collaboration with InsightVM
Many security groups today use ticketing systems that were originally designed
for IT or developers, and are usually ill-suited to their vulnerability
management [https://rapid7.com/solutions/vulnerability-management/] needs. Even
more commonly, teams simply rely on spreadsheets and unwieldy reports. On the
other end of the spectrum, some security teams build a self-service workflow for
their remediators and run into lack of user adoption – remediators just are not
logging in to the security con