
ProxyShell Zero Day Exchange Vulnerabilities

 

ProxyShell is a collection of three zero-day vulnerabilities that affect Microsoft Exchange and allow remote code execution. These vulnerabilities gave threat actors an opportunity to gain access to highly sensitive data and user privileges.

Although the ProxyShell vulnerabilities were reported to Microsoft and patches were available shortly after, some security teams lacked the necessary information to prioritize the security updates.

In this video, Spence Hutchinson discusses how the eSentire Threat Response Unit (TRU) detected and responded to the ProxyShell vulnerabilities:

  • Following the disclosure of technical details of the vulnerability, our TRU team published an advisory prompting customers to patch their Exchange servers.
  • The eSentire 24/7 SOC alerted customers and worked with their security teams to prioritize patching and assist with investigations.
  • TRU developed detection models and began threat hunting based on the detected indicators of compromise and exploit patterns.
