Trend Micro’s Zero Day Initiative (ZDI) Thursday (02.11.23)
published four zero days vulnerabilities of Microsoft Exchange which can exploit remotely to execute arbitrary code or disclose sensitive information on affected installations.
Bleeping Computer reported, these vulnerabilities were reported to Microsoft on September 7th and 8th, 2023. Microsoft acknowledges the reports but postpones the fixes for later.
ZDI disagreed with this response and decided to publish the flaws under its own tracking IDs to warn Exchange admins about the security risks.
By infosecbulletin
/ Thursday , July 2 2026
The Indian government issued a notice WhatsApp planned to roll out its new 'username' feature. They are worried about fake...
Read More
By infosecbulletin
/ Wednesday , July 1 2026
Cybersecurity researchers have warned of a "massive, ongoing, automated password spray attack" aimed at Microsoft's Azure command-line interface (CLI), compromising...
Read More
By infosecbulletin
/ Wednesday , July 1 2026
Chrome 151 has a new update that fixes 382 security problems. This includes 15 critical issues that could allow attackers...
Read More
By infosecbulletin
/ Wednesday , July 1 2026
Apple released security updates on Monday for iOS, macOS, and Safari. These updates fix more than thirty issues, including four...
Read More
By infosecbulletin
/ Tuesday , June 30 2026
Attackers are now using a flaw (called CVE-2026-46817) in the Oracle E-Business Suite (EBS) financial app, according to the security...
Read More
By infosecbulletin
/ Tuesday , June 30 2026
WhatsApp is about to release a big update that may change how people communicate on the app. Soon, users can...
Read More
By infosecbulletin
/ Monday , June 29 2026
The Linux Foundation said on Thursday that they are starting a new project to fix flaws in open source software...
Read More
By infosecbulletin
/ Sunday , June 28 2026
KDDI Corporation, a Japanese telecom company, revealed a data breach. Hackers got into one of its email systems that five...
Read More
By infosecbulletin
/ Sunday , June 28 2026
Two Asian AI companies have released new models this week that compete with Anthropic’s recently limited Mythos and Fable models,...
Read More
By infosecbulletin
/ Saturday , June 27 2026
Polymarket is a platform for prediction markets using cryptocurrency. It lets users bet on what might happen in real-life events...
Read More
Summarize of the vulnerabilities published by ZDI:
ZDI-23-1578 – A remote code execution (RCE) flaw in the ‘Chained Serialization Binder’ class, where user data isn’t adequately validated, allowing attackers to reserialize untrusted data. Successful exploitation enables an attacker to execute arbitrary code as ‘SYSTEM,’ the highest level of privileges on Windows.
ZDI-23-1579 – Located in the ‘Download Data From Uri’ method, this flaw is due to insufficient validation of a URI before resource access. Attackers can exploit it to access sensitive information from Exchange servers.
ZDI-23-1580 – This vulnerability, in the ‘Download Data From Office Market Place’ method, also stems from improper URI validation, potentially leading to unauthorized information disclosure.
ZDI-23-1581 – Present in the Create Attachment From Uri method, this flaw resembles the previous bugs with inadequate URI validation, again, risking sensitive data exposure.
Authentication is needed to exploit these vulnerabilities, which makes them less severe with a CVSS rating between 7.1 and 7.5. Requiring authentication is a factor that helps reduce their impact. This could be why Microsoft did not prioritize fixing the bugs.
ALSO READ:
Daily Cybersecurity update, November 03
It should be noted, though, that cybercriminals have many ways to obtain Exchange credentials, including brute-forcing weak passwords, performing phishing attacks, purchasing them, or acquiring them from info-stealer logs.
That said, the above zero-days shouldn’t be treated as unimportant, especially ZDI-23-1578 (RCE), which can result in complete system compromise.
ZDI suggests that the only salient mitigation strategy is to restrict interaction with Exchange apps. However, this can be unacceptably disruptive for many businesses and organizations using the product.
We also suggest implementing multifactor authentication to prevent cybercriminals from accessing Exchange instances even when account credentials have been compromised.
Bleeping Computer has contacted Microsoft to ask about ZDI’s disclosure and are still waiting for a response.
Source: ZDI, Bleeping computer