ProxyShell Zero Day Exchange Vulnerabilities

 

ProxyShell is a collection of three zero-day vulnerabilities affecting Microsoft Exchange and allowing remote code execution. These vulnerabilities gave threat actors an opportunity to gain access to highly sensitive data and user privileges.

Although ProxyShell vulnerabilities were reported to Microsoft and patches were available shortly after, some security teams lacked the necessary information to prioritize the security updates.

In this video, Spence Hutchinson discusses how the eSentire Threat Response Unit (TRU) detected and responded to the ProxyShell vulnerability:

  • Following the disclosure of technical details of the vulnerability, our TRU team published an advisory prompting customers to patch their Exchange servers.
  • eSentire 24/7 SOC alerted customers and worked with their security teams to prioritize patching and assist with investigations.
  • TRU developed detection models and began threat hunting based on the detected indicators of compromise and exploit patterns.
