An authenticated victim who is connected to the network must be tricked or persuaded to connect to a malicious SQL database using their SQL client application.
An attacker could host a specially crafted website designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website.
Leaked credentials can then be relayed against the Exchange server to gain privileges as the victim client and to perform operations on the Exchange server on the victim’s behalf.
A complete vendor solution is available. Either the vendor has issued an official patch, or an upgrade is available.
Microsoft Releases September 2023 Security Updates – Patch Now!
September 2023 Patch Tuesday. Microsoft released security updates for products that preempt and mitigate critical vulnerabilities that may affect your infrastructure.
Windows Server 2012 and 2012 R2 reaching end of support
October 10th, of 2023, might seem far off but that’s when Microsoft is ending support for Windows Server 2012 and Windows Server 2012 R2.
Reminder: Windows 10, version 20H2 end of servicing is May 9, 2023
If you’re still on Windows 10 version 20H2 Enterprise Edition — servicing stops on May 9, 2023. We strongly recommend upgrading eligible devices to Windows 10 or Windows 11. Contact us for assistance
Unpatched or Unsupported Microsoft Exchange Servers Can Expect an SMTP 450 Error
On Monday, March 24th, 2023, Microsoft announced that it is enabling a transport-based enforcement system in Exchange Online serving three functions: reporting, throttling, and blocking.
Microsoft Outlook Privilege Elevation Vulnerability (CVE-2023-23397)
CISA added a zero-day vulnerability affecting Microsoft Outlook that is actively exploited in the wild. Microsoft has released a patch for the vulnerability as part of their March 2023 Patch Tuesday.
Microsoft Making Hybrid Work More Secure with New Windows 11 Security Features
Microsoft is stepping up its game to protect Hybrid Workers from cyber threats. The new Windows 11 security features aim to address the ever-growing security concerns of hybrid workers. — What do these new features help with? Read more.