Microsoft Exchange Zero-Day Exploited via XSS in Outlook on the web

Microsoft has issued mitigations for a high-severity zero-day vulnerability in Exchange Server that is being actively exploited in the wild. BleepingComputer reports that the flaw lets threat actors run attacker-controlled script in victims' browsers through cross-site scripting (XSS), specifically targeting users of Outlook on the web.

This isn't a theoretical risk; it's a live attack. The XSS vector means an attacker can get script of their choosing to run inside a trusted Outlook on the web page. Because that script executes in the Outlook on the web origin, the browser's same-origin policy does not restrict it: it can act on the mailbox with the victim's session, steal session material or credentials, and run whatever further script the attacker chooses in the user's browser context.

Attackers are clearly leveraging the ubiquity of Exchange and Outlook on the web as a prime target. Exploiting XSS in a platform this central to an organization's communications gives them a direct path into authenticated user sessions, making it a high-value entry point for lateral movement or data exfiltration within an organization.

What This Means For You

  • If your organization runs Microsoft Exchange Server with Outlook on the web exposed, apply Microsoft's published mitigations now and patch as soon as the fix ships; with exploitation already under way this is not a 'wait for the patch' scenario. In parallel, audit web application firewall and reverse-proxy logs for requests to Outlook on the web paths carrying script-injection payloads, and check endpoint detection telemetry for anomalous activity following Outlook on the web sessions. Treat any confirmed hit as a potentially hijacked session: revoke it and rotate the affected user's credentials.

Related ATT&CK Techniques

T1190 Exploit Public-Facing Application (Initial Access), severity: critical

Detection Rules

3 rules · 6 SIEM formats (Sigma, Splunk SPL, Sentinel KQL, Elastic, QRadar AQL, Wazuh), mapped to MITRE ATT&CK. The rule named on the page:

Microsoft Exchange Outlook Web App XSS Exploit Attempt (Sigma, mapped to T1190)

Source: Shimi's Cyber World

Indicators of Compromise

ID                       Type   Indicator
Exchange-Zero-Day-2024   RCE    Microsoft Exchange Server
Exchange-Zero-Day-2024   XSS    Outlook on the web

These entries name the affected products rather than atomic indicators; the page publishes no hashes, addresses or domains, so hunting has to rely on request-log and session anomalies instead.
