S3 Ep102.5: “ProxyNotShell” Exchange bugs – an expert speaks [Audio + Text]

by

DON’T PANIC… BUT BE READY TO ACT

With Paul Ducklin and Chester Wisniewski

Intro and outro music by Edith Mudge.

Click-and-drag on the soundwaves below to skip to any point. You can also listen directly on Soundcloud.

You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and anywhere that good podcasts are found. Or just drop the URL of our RSS feed into your favourite podcatcher.

READ THE TRANSCRIPT

[MUSICAL MODEM]

DUCK.  Hello everybody.

Welcome to another special mini-episode of the Naked Security podcast.

I am Paul Ducklin, joined again by my friend and colleague Chester Wisniewski.

Hello, Chet.

CHET.  [FAKE AUSSIE ACCENT] G’day, Duck.

DUCK.  Well, Chet, I’m sure that everyone listening. if they’re listening shortly after the podcast came out, knows what we’re going to be talking about!

And it has to be this double-barrelled Microsoft Exchange zero-day that came out in the wash pretty much on the last day of September 2022:

Our sales chums are going, “Oh, it’s month-end, it’s quarter-end, it’s a frantic time…but tomorrow everyone gets a reset to $0.”

It’s not going to be like that this weekend for Sysadmins and IT managers!

CHET.  Duck, I think, in the immortal words of the dearly departed Douglas Adams, “DON’T PANIC” might be in order.

Many organisations no longer host their own email on-premise on Exchange servers, so a good chunk of folks can take a

Read more

Explore the site

More from the blog

Latest News