As you may know, I recently presented my Exchange-related talk during OffensiveCon 2024. This series of 4 blog posts is meant to supplement the talk and provide additional technical details. In this article, part 3 of the series, I describe a chain of 3 vulnerabilities that led to remote code execution: ·       CVE-2023-36744 – Arbitrary…

We’ve reached September and the pumpkin spice floats in the air. While they aren’t pumpkin-spiced, Microsoft and Adobe have released their latest spicy security patches – including some zesty 0-days. Take a break from your regular activities and join us as we review the details of their latest security alerts. If you’d rather watch the…

A CVSS score 8.1 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Nikolai Skliarenko of Trend Micro Security Research’ was reported to the affected vendor on: 2025-01-03, 1 days ago. The vendor is given until 2025-05-03 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a…

A CVSS score 7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘CrisprXiang With FDU and Hao Huang with FDU’ was reported to the affected vendor on: 2025-01-03, 1 days ago. The vendor is given until 2025-05-03 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of…

A CVSS score 4.3 AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N severity vulnerability discovered by ‘Anonymous’ was reported to the affected vendor on: 2024-12-19, 16 days ago. The vendor is given until 2025-04-18 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory. A CVSS score 4.3…

A CVSS score 8.8 AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Corentin “@OnlyTheDuck” BAYET from REverse Tactics’ was reported to the affected vendor on: 2024-12-19, 16 days ago. The vendor is given until 2025-04-18 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public…

A CVSS score 7.2 AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Kevin Salapatek’ was reported to the affected vendor on: 2024-12-19, 16 days ago. The vendor is given until 2025-04-18 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory. A CVSS score…

A CVSS score 5.5 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H severity vulnerability discovered by ‘NT AUTHORITYANONYMOUS LOGON’ was reported to the affected vendor on: 2024-12-19, 16 days ago. The vendor is given until 2025-04-18 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory. A CVSS…

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Rocco Calvi (@TecR0c) with TecSecurity’ was reported to the affected vendor on: 2024-12-19, 16 days ago. The vendor is given until 2025-04-18 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.…

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Rocco Calvi (@TecR0c) with TecSecurity’ was reported to the affected vendor on: 2024-12-19, 16 days ago. The vendor is given until 2025-04-18 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.…