4 matches found
Microsoft Exchange vulnerable to server-side request forgery and remote code execution.
Overview Microsoft Exchange Server 2019, Exchange Server 2016 and Exchange Server 2013 are vulnerable to a server-side request forgery SSRF attack and remote code execution. An authenticated attacker can use the combination of these two vulnerabilities to elevate privileges and execute arbitrary...
Rockstar Games: Open Redirection effects autodiscover.rockstargames.com
In a report, a researcher identified an open redirection vulnerability in the Office365 Autodiscover service of the rockstargames.com domain. The issue was resolved through updates from Microsoft and internal configuration changes...
Ruler - A Tool To Abuse Exchange Services
Ruler is a tool that allows you to interact with Exchange servers through the MAPI/HTTP protocol. The main aim is abuse the client-side Outlook mail rules as described in: Silentbreak blog Silentbreak did a great job with this attack and it has served us well. The only downside has been that it...
MS16-088: Description of the security update for Outlook 2016: July 12, 2016
MS16-088: Description of the security update for Outlook 2016: July 12, 2016 Summary This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see Microsoft...