Is it OK to publish PoC exploits for vulnerabilities and patches? - Help Net Security


In the wake of the Microsoft Exchange ProxyLogon zero-day and the F5 BIG-IP security exploits earlier this year, many are questioning whether, and when, researchers should publish proof-of-concept exploits for vulnerabilities and their associated patches.



Hafnium hackers identified three MS Exchange vulnerabilities, including one (ProxyLogon) that let them perform a server-side request forgery and obtain admin access by sending a crafted web request. Volexity identified this exploit in early January 2021, and Microsoft released a security update on March 2. Security researchers believed that more than 100,000 servers globally were initially affected, including 30,000 in the U.S.


On March 9, with most servers still unprotected by the security update, a researcher published a proof of concept (PoC) for the hack on GitHub, which ..
