Tag
#exchange
4 posts tagged #exchange.
-
Analysis · May 20, 2026 · Colten Anderson
The year on-premise Exchange became the most-attacked software on earth
ProxyLogon and ProxyShell turned 2021 into open season on Exchange Server. Two unauthenticated RCE chains, tens of thousands of web-shelled servers, an FBI operation to clean them up. If you still run Exchange on-prem, you're operating a permanent top-tier target.
-
Analysis · May 20, 2026 · Colten Anderson
A mitigation blocks a path. OWASSRF found another door.
After ProxyNotShell, Microsoft told Exchange admins to apply URL-rewrite mitigations while the patch was finished. OWASSRF (CVE-2022-41080) walked around them by knocking on OWA instead of Autodiscover, and Play ransomware walked in. Mitigations aren't fixes.
-
Analysis · May 18, 2026 · Colten Anderson
Microsoft titled it Spoofing. It's session hijacking.
CVE-2026-42897 is the first real test of Exchange Server Subscription Edition's new servicing model. Four days in, the answer is a mitigation that breaks four OWA features and an SU with no ship date.
-
Analysis · May 5, 2026 · Colten Anderson
Exchange's deserialization problem didn't start in 2023. It still isn't fixed.
A ransomware group picked up a three-year-old Exchange RCE because scanning at scale still finds unpatched servers. The bug isn't the story. The patching economics are.