New Microsoft Exchange Vulnerability Allows Attackers To Access User's Emails

A new vulnerability in Microsoft Exchange Server allows threat actors to access emails from a target account by crafting a request to web services within the Exchange Control Panel (ECP) application. Using this method attackers are able to redirect the emails to their mailbox. The vulnerability is caused by the Microsoft Exchange’s frontend site running as a proxy for the Exchange backend to which it passes authentication requests. Read more...