{"id":25375,"date":"2022-10-01T01:52:24","date_gmt":"2022-10-01T01:52:24","guid":{"rendered":"https:\/\/www.esecurityplanet.com\/?p=25375"},"modified":"2022-10-01T01:52:26","modified_gmt":"2022-10-01T01:52:26","slug":"symantec-gtsc-warn-of-active-microsoft-exploits","status":"publish","type":"post","link":"https:\/\/www.esecurityplanet.com\/threats\/symantec-gtsc-warn-of-active-microsoft-exploits\/","title":{"rendered":"Symantec, GTSC Warn of Active Microsoft Exploits"},"content":{"rendered":"\n<p>Vietnamese security firm GTSC published a <a href=\"https:\/\/gteltsc.vn\/blog\/warning-new-attack-campaign-utilized-a-new-0day-rce-vulnerability-on-microsoft-exchange-server-12715.html\" target=\"_blank\" rel=\"noreferrer noopener\">blog post<\/a> this week warning of a new <a href=\"https:\/\/www.esecurityplanet.com\/threats\/zero-day-threat\/\">zero-day<\/a> remote code execution (RCE) flaw in Microsoft Exchange Server, which it said has been actively exploited at least since early August.<\/p>\n\n\n\n<p>GTSC submitted the vulnerability to the <a href=\"https:\/\/www.zerodayinitiative.com\/advisories\/upcoming\/\" target=\"_blank\" rel=\"noreferrer noopener\">Zero Day Initiative<\/a>, which verified two flaws on September 8 and 9: ZDI-CAN-18333 and ZDI-CAN-18802, with CVSS scores of 8.8 and 6.3, respectively.<\/p>\n\n\n\n<p>Because GTSC continues to see customers being targeted by attacks exploiting those flaws, the firm said, it published a blog post offering additional information on the vulnerabilities.<\/p>\n\n\n\n<p>\u201cWe detected webshells, mostly obfuscated, being dropped to Exchange servers,\u201d GTSC wrote. 
\u201cUsing the user-agent, we detected that the attacker uses Antsword, an active Chinese-based open source cross-platform website administration tool that supports webshell management.\u201d<\/p>\n\n\n\n<p>Due to the use of a webshell codepage for simplified Chinese, GTSC attributed the attacks to a Chinese attack group.<\/p>\n\n\n\n<p>\u201cIt should be noted that every command ends with the string&nbsp;echo <em>[S]&amp;cd&amp;echo [E]<\/em>, which is one of the signatures of the Chinese Chopper,\u201d they wrote. \u201cIn addition, the hacker also injects malicious DLLs into the memory, drops suspicious files on the attacked servers, and executes these files through WMIC.\u201d<\/p>\n\n\n\n<p>Also read: <a href=\"https:\/\/www.esecurityplanet.com\/applications\/microsoft-makes-exchange-server-patches-less-optional\/\">Microsoft Makes Exchange Server Patches Less Optional<\/a><\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Microsoft Offers Guidance on Vulnerabilities<\/h2>\n\n\n\n<p>A day after GTSC published its blog post, <a href=\"https:\/\/msrc-blog.microsoft.com\/2022\/09\/29\/customer-guidance-for-reported-zero-day-vulnerabilities-in-microsoft-exchange-server\/\" target=\"_blank\" rel=\"noreferrer noopener\">Microsoft released customer guidance<\/a> on how to mitigate the vulnerabilities, which affect Microsoft Exchange Server 2013, 2016 and 2019, and are identified as the Server-Side Request Forgery (SSRF) vulnerability <a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=2022-41040\" target=\"_blank\" rel=\"noreferrer noopener\">CVE-2022-41040<\/a> and the RCE flaw <a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2022-41082\" target=\"_blank\" rel=\"noreferrer noopener\">CVE-2022-41082<\/a>.<\/p>\n\n\n\n<p>While Microsoft Exchange Online customers don\u2019t need to take any action, on-premises Microsoft Exchange customers are advised to take the following steps:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Open the IIS 
Manager<\/li><li>Expand the Default Web Site<\/li><li>In the Feature View, click URL Rewrite<\/li><li>In the Actions pane on the right-hand side, click Add Rules<\/li><li>Select Request Blocking and click OK<\/li><li>Add String \u201c<em>.*autodiscover\\.json.*\\@.*Powershell.*<\/em>\u201d (excluding quotes) and click OK<\/li><li>Expand the rule and select the rule with the Pattern \u201c<em>.*autodiscover\\.json.*\\@.*Powershell.*<\/em>\u201d and click Edit under Conditions<\/li><li>Change the condition input from {URL} to {REQUEST_URI}<\/li><\/ul>\n\n\n\n<p>\u201cThere is no known impact to Exchange functionality if the URL Rewrite module is installed as recommended,\u201d the company wrote.<\/p>\n\n\n\n<p>Also read: <a href=\"https:\/\/www.esecurityplanet.com\/threats\/powershell-security\/\">Cybersecurity Agencies Release Guidance for PowerShell Security<\/a><\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Steganography Hides Malware in Microsoft Logo<\/h2>\n\n\n\n<p>Separately, Symantec announced that the Witchetty attack group, also known as LookingFrog, has been leveraging a new backdoor Trojan, Backdoor.Stegmap, which uses <a href=\"https:\/\/www.esecurityplanet.com\/threats\/how-steganography-allows-attackers-to-evade-detection\/\">steganography<\/a> to hide <a href=\"https:\/\/www.esecurityplanet.com\/threats\/malware-types\/\">malware<\/a> in an image \u2013 in this case, a bitmap of an old Microsoft logo. \u201cDisguising the payload in this fashion allowed the attackers to host it on a free, trusted service,\u201d Symantec noted.<\/p>\n\n\n\n<p>Backdoor.Stegmap is capable of creating and removing directories; copying, moving, and deleting files; downloading and running executables; and reading, creating, and deleting registry keys, among other actions.<\/p>\n\n\n\n<p>\u201cIn attacks between February and September 2022, Witchetty targeted the governments of two Middle Eastern countries and the stock exchange of an African nation,\u201d Symantec wrote. 
\u201cThe attackers exploited the ProxyShell (<a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2021-34473\" target=\"_blank\" rel=\"noreferrer noopener\">CVE-2021-34473<\/a>,\u00a0<a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2021-34523\" target=\"_blank\" rel=\"noreferrer noopener\">CVE-2021-34523<\/a>, and\u00a0<a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/vulnerability\/CVE-2021-31207\" target=\"_blank\" rel=\"noreferrer noopener\">CVE-2021-31207<\/a>) and ProxyLogon (<a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/vulnerability\/CVE-2021-26855\" target=\"_blank\" rel=\"noreferrer noopener\">CVE-2021-26855<\/a>\u00a0and\u00a0<a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/vulnerability\/CVE-2021-27065\" target=\"_blank\" rel=\"noreferrer noopener\">CVE-2021-27065<\/a>) vulnerabilities to install web shells on public-facing servers before stealing credentials, moving laterally across networks, and installing malware on other computers.\u201d<\/p>\n\n\n\n<p>The Symantec report details a February attack on a government agency in the Middle East that continued over the course of several months.<\/p>\n\n\n\n<p>ESET first <a href=\"https:\/\/www.welivesecurity.com\/2022\/04\/27\/lookback-ta410-umbrella-cyberespionage-ttps-activity\/\" target=\"_blank\" rel=\"noreferrer noopener\">reported on Witchetty\/LookingFrog<\/a> in April 2022, identifying it as one of three subgroups of the cyberespionage umbrella group TA410, which itself is loosely linked to APT10\/Cicada.<\/p>\n\n\n\n<p>Read next: <a href=\"https:\/\/www.esecurityplanet.com\/products\/best-secure-email-gateways\/\">Top Secure Email Gateway Solutions<\/a><\/p>\n\n\n","protected":false},"excerpt":{"rendered":"<p>Vietnamese security firm GTSC published a blog post this week warning of a new zero-day remote code execution (RCE) flaw in Microsoft Exchange Server, which it said has been actively exploited at least since early August. GTSC submitted the vulnerability to the Zero Day Initiative, which verified two flaws on September 8 and 9: ZDI-CAN-18333 [&hellip;]<\/p>\n","protected":false},"author":166,"featured_media":18301,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_gazelle_contributing_experts":"","footnotes":""},"categories":[15],"tags":[3790,4945,1146,532,730,5277],"b2b_audience":[33],"b2b_industry":[],"b2b_product":[382,394,31780,31775],"class_list":["post-25375","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-threats","tag-cybersecurity","tag-exchange","tag-malware","tag-microsoft","tag-security","tag-web-security","b2b_audience-awareness-and-consideration","b2b_product-application-security-vulnerability-management","b2b_product-email-security","b2b_product-patch-management","b2b_product-web-applications-security"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v22.9 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Symantec, GTSC Warn of Active Microsoft Exploits | eSecurity Planet<\/title>\n<meta name=\"description\" content=\"Microsoft Exchange continues to be a favorite target of hackers, with reports of two new exploits surfacing this week.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, 
max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.esecurityplanet.com\/threats\/symantec-gtsc-warn-of-active-microsoft-exploits\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Symantec, GTSC Warn of Active Microsoft Exploits | eSecurity Planet\" \/>\n<meta property=\"og:description\" content=\"Microsoft Exchange continues to be a favorite target of hackers, with reports of two new exploits surfacing this week.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.esecurityplanet.com\/threats\/symantec-gtsc-warn-of-active-microsoft-exploits\/\" \/>\n<meta property=\"og:site_name\" content=\"eSecurity Planet\" \/>\n<meta property=\"article:published_time\" content=\"2022-10-01T01:52:24+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2022-10-01T01:52:26+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/assets.esecurityplanet.com\/uploads\/2021\/03\/microsoft-exchange-logo.png\" \/>\n\t<meta property=\"og:image:width\" content=\"800\" \/>\n\t<meta property=\"og:image:height\" content=\"600\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Jeff Goldman\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@eSecurityPlanet\" \/>\n<meta name=\"twitter:site\" content=\"@eSecurityPlanet\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Jeff Goldman\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.esecurityplanet.com\/threats\/symantec-gtsc-warn-of-active-microsoft-exploits\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/threats\/symantec-gtsc-warn-of-active-microsoft-exploits\/\"},\"author\":{\"name\":\"Jeff Goldman\",\"@id\":\"https:\/\/www.esecurityplanet.com\/#\/schema\/person\/814377f0182cc43200a4581fba4ec795\"},\"headline\":\"Symantec, GTSC Warn of Active Microsoft Exploits\",\"datePublished\":\"2022-10-01T01:52:24+00:00\",\"dateModified\":\"2022-10-01T01:52:26+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/threats\/symantec-gtsc-warn-of-active-microsoft-exploits\/\"},\"wordCount\":600,\"publisher\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/threats\/symantec-gtsc-warn-of-active-microsoft-exploits\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2021\/03\/microsoft-exchange-logo.png\",\"keywords\":[\"cybersecurity\",\"Exchange\",\"malware\",\"Microsoft\",\"security\",\"Web security\"],\"articleSection\":[\"Threats\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.esecurityplanet.com\/threats\/symantec-gtsc-warn-of-active-microsoft-exploits\/\",\"url\":\"https:\/\/www.esecurityplanet.com\/threats\/symantec-gtsc-warn-of-active-microsoft-exploits\/\",\"name\":\"Symantec, GTSC Warn of Active Microsoft Exploits | eSecurity 
Planet\",\"isPartOf\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/threats\/symantec-gtsc-warn-of-active-microsoft-exploits\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/threats\/symantec-gtsc-warn-of-active-microsoft-exploits\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2021\/03\/microsoft-exchange-logo.png\",\"datePublished\":\"2022-10-01T01:52:24+00:00\",\"dateModified\":\"2022-10-01T01:52:26+00:00\",\"description\":\"Microsoft Exchange continues to be a favorite target of hackers, with reports of two new exploits surfacing this week.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/threats\/symantec-gtsc-warn-of-active-microsoft-exploits\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.esecurityplanet.com\/threats\/symantec-gtsc-warn-of-active-microsoft-exploits\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.esecurityplanet.com\/threats\/symantec-gtsc-warn-of-active-microsoft-exploits\/#primaryimage\",\"url\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2021\/03\/microsoft-exchange-logo.png\",\"contentUrl\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2021\/03\/microsoft-exchange-logo.png\",\"width\":800,\"height\":600},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.esecurityplanet.com\/threats\/symantec-gtsc-warn-of-active-microsoft-exploits\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.esecurityplanet.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Symantec, GTSC Warn of Active Microsoft Exploits\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.esecurityplanet.com\/#website\",\"url\":\"https:\/\/www.esecurityplanet.com\/\",\"name\":\"eSecurity Planet\",\"description\":\"Industry-leading guidance 
and analysis for how to keep your business secure.\",\"publisher\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.esecurityplanet.com\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.esecurityplanet.com\/#organization\",\"name\":\"eSecurityPlanet\",\"url\":\"https:\/\/www.esecurityplanet.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.esecurityplanet.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2020\/10\/eSecurity_logo_MainLogo.png\",\"contentUrl\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2020\/10\/eSecurity_logo_MainLogo.png\",\"width\":1134,\"height\":375,\"caption\":\"eSecurityPlanet\"},\"image\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/x.com\/eSecurityPlanet\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.esecurityplanet.com\/#\/schema\/person\/814377f0182cc43200a4581fba4ec795\",\"name\":\"Jeff Goldman\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.esecurityplanet.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2021\/08\/jeff-goldman-150x150.jpg\",\"contentUrl\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2021\/08\/jeff-goldman-150x150.jpg\",\"caption\":\"Jeff Goldman\"},\"description\":\"eSecurity Planet contributor Jeff Goldman has been a technology journalist for more than 20 years and an eSecurity Planet contributor since 2009. He's also written extensively about wireless and broadband infrastructure and semiconductor engineering. 
He started his career at MTV, but soon decided that technology writing was a more promising path.\",\"url\":\"https:\/\/www.esecurityplanet.com\/author\/jeff-goldman\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Symantec, GTSC Warn of Active Microsoft Exploits | eSecurity Planet","description":"Microsoft Exchange continues to be a favorite target of hackers, with reports of two new exploits surfacing this week.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.esecurityplanet.com\/threats\/symantec-gtsc-warn-of-active-microsoft-exploits\/","og_locale":"en_US","og_type":"article","og_title":"Symantec, GTSC Warn of Active Microsoft Exploits | eSecurity Planet","og_description":"Microsoft Exchange continues to be a favorite target of hackers, with reports of two new exploits surfacing this week.","og_url":"https:\/\/www.esecurityplanet.com\/threats\/symantec-gtsc-warn-of-active-microsoft-exploits\/","og_site_name":"eSecurity Planet","article_published_time":"2022-10-01T01:52:24+00:00","article_modified_time":"2022-10-01T01:52:26+00:00","og_image":[{"width":800,"height":600,"url":"https:\/\/assets.esecurityplanet.com\/uploads\/2021\/03\/microsoft-exchange-logo.png","type":"image\/png"}],"author":"Jeff Goldman","twitter_card":"summary_large_image","twitter_creator":"@eSecurityPlanet","twitter_site":"@eSecurityPlanet","twitter_misc":{"Written by":"Jeff Goldman","Est. 
reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.esecurityplanet.com\/threats\/symantec-gtsc-warn-of-active-microsoft-exploits\/#article","isPartOf":{"@id":"https:\/\/www.esecurityplanet.com\/threats\/symantec-gtsc-warn-of-active-microsoft-exploits\/"},"author":{"name":"Jeff Goldman","@id":"https:\/\/www.esecurityplanet.com\/#\/schema\/person\/814377f0182cc43200a4581fba4ec795"},"headline":"Symantec, GTSC Warn of Active Microsoft Exploits","datePublished":"2022-10-01T01:52:24+00:00","dateModified":"2022-10-01T01:52:26+00:00","mainEntityOfPage":{"@id":"https:\/\/www.esecurityplanet.com\/threats\/symantec-gtsc-warn-of-active-microsoft-exploits\/"},"wordCount":600,"publisher":{"@id":"https:\/\/www.esecurityplanet.com\/#organization"},"image":{"@id":"https:\/\/www.esecurityplanet.com\/threats\/symantec-gtsc-warn-of-active-microsoft-exploits\/#primaryimage"},"thumbnailUrl":"https:\/\/assets.esecurityplanet.com\/uploads\/2021\/03\/microsoft-exchange-logo.png","keywords":["cybersecurity","Exchange","malware","Microsoft","security","Web security"],"articleSection":["Threats"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.esecurityplanet.com\/threats\/symantec-gtsc-warn-of-active-microsoft-exploits\/","url":"https:\/\/www.esecurityplanet.com\/threats\/symantec-gtsc-warn-of-active-microsoft-exploits\/","name":"Symantec, GTSC Warn of Active Microsoft Exploits | eSecurity 
Planet","isPartOf":{"@id":"https:\/\/www.esecurityplanet.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.esecurityplanet.com\/threats\/symantec-gtsc-warn-of-active-microsoft-exploits\/#primaryimage"},"image":{"@id":"https:\/\/www.esecurityplanet.com\/threats\/symantec-gtsc-warn-of-active-microsoft-exploits\/#primaryimage"},"thumbnailUrl":"https:\/\/assets.esecurityplanet.com\/uploads\/2021\/03\/microsoft-exchange-logo.png","datePublished":"2022-10-01T01:52:24+00:00","dateModified":"2022-10-01T01:52:26+00:00","description":"Microsoft Exchange continues to be a favorite target of hackers, with reports of two new exploits surfacing this week.","breadcrumb":{"@id":"https:\/\/www.esecurityplanet.com\/threats\/symantec-gtsc-warn-of-active-microsoft-exploits\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.esecurityplanet.com\/threats\/symantec-gtsc-warn-of-active-microsoft-exploits\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.esecurityplanet.com\/threats\/symantec-gtsc-warn-of-active-microsoft-exploits\/#primaryimage","url":"https:\/\/assets.esecurityplanet.com\/uploads\/2021\/03\/microsoft-exchange-logo.png","contentUrl":"https:\/\/assets.esecurityplanet.com\/uploads\/2021\/03\/microsoft-exchange-logo.png","width":800,"height":600},{"@type":"BreadcrumbList","@id":"https:\/\/www.esecurityplanet.com\/threats\/symantec-gtsc-warn-of-active-microsoft-exploits\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.esecurityplanet.com\/"},{"@type":"ListItem","position":2,"name":"Symantec, GTSC Warn of Active Microsoft Exploits"}]},{"@type":"WebSite","@id":"https:\/\/www.esecurityplanet.com\/#website","url":"https:\/\/www.esecurityplanet.com\/","name":"eSecurity Planet","description":"Industry-leading guidance and analysis for how to keep your business 
secure.","publisher":{"@id":"https:\/\/www.esecurityplanet.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.esecurityplanet.com\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.esecurityplanet.com\/#organization","name":"eSecurityPlanet","url":"https:\/\/www.esecurityplanet.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.esecurityplanet.com\/#\/schema\/logo\/image\/","url":"https:\/\/assets.esecurityplanet.com\/uploads\/2020\/10\/eSecurity_logo_MainLogo.png","contentUrl":"https:\/\/assets.esecurityplanet.com\/uploads\/2020\/10\/eSecurity_logo_MainLogo.png","width":1134,"height":375,"caption":"eSecurityPlanet"},"image":{"@id":"https:\/\/www.esecurityplanet.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/eSecurityPlanet"]},{"@type":"Person","@id":"https:\/\/www.esecurityplanet.com\/#\/schema\/person\/814377f0182cc43200a4581fba4ec795","name":"Jeff Goldman","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.esecurityplanet.com\/#\/schema\/person\/image\/","url":"https:\/\/assets.esecurityplanet.com\/uploads\/2021\/08\/jeff-goldman-150x150.jpg","contentUrl":"https:\/\/assets.esecurityplanet.com\/uploads\/2021\/08\/jeff-goldman-150x150.jpg","caption":"Jeff Goldman"},"description":"eSecurity Planet contributor Jeff Goldman has been a technology journalist for more than 20 years and an eSecurity Planet contributor since 2009. He's also written extensively about wireless and broadband infrastructure and semiconductor engineering. 
He started his career at MTV, but soon decided that technology writing was a more promising path.","url":"https:\/\/www.esecurityplanet.com\/author\/jeff-goldman\/"}]}},"_links":{"self":[{"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/posts\/25375"}],"collection":[{"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/users\/166"}],"replies":[{"embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/comments?post=25375"}],"version-history":[{"count":0,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/posts\/25375\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/media\/18301"}],"wp:attachment":[{"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/media?parent=25375"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/categories?post=25375"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/tags?post=25375"},{"taxonomy":"b2b_audience","embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/b2b_audience?post=25375"},{"taxonomy":"b2b_industry","embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/b2b_industry?post=25375"},{"taxonomy":"b2b_product","embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/b2b_product?post=25375"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}