Tag

Exchange

5 briefs RSS

M365 Exchange Inbox Rule with Obfuscated Name

This rule detects when a Microsoft Exchange inbox rule is created or modified with a name composed only of special characters, which adversaries may use to evade detection and hide malicious forwarding or deletion rules.

Microsoft 365 +1 cloud saas email exchange defense evasion persistence

2r 2t 3w ago

high advisory

Microsoft Exchange Server Vulnerability Could Allow Arbitrary Code Execution

2 rules 1 TTP

A vulnerability in Microsoft Exchange Server allows for arbitrary code execution, potentially enabling attackers to execute malicious JavaScript within a user's browser context to steal data or install malware.

Exchange Server code-execution javascript exchange web-application

2r 1t May 15, 2026

medium advisory

CVE-2026-42897 Microsoft Exchange Server Cross-Site Scripting Vulnerability

2 rules 2 TTPs

CVE-2026-42897 is a cross-site scripting (XSS) vulnerability in Microsoft Exchange Server that allows an attacker to perform spoofing attacks by injecting malicious scripts into web pages.

Exchange Server xss spoofing exchange

2r 2t May 14, 2026

medium advisory

New ActiveSync Allowed Device Added via PowerShell

2 rules 3 TTPs

The rule detects the use of the Exchange PowerShell cmdlet, Set-CASMailbox, to add a new ActiveSync allowed device, potentially allowing attackers to gain persistent access to sensitive email data by adding unauthorized devices.

Microsoft Defender XDR +4 exchange activesync powershell persistence

2r 3t Jan 3, 2024

medium advisory

Exchange Mailbox Export via PowerShell

2 rules 4 TTPs

Adversaries may use the New-MailboxExportRequest PowerShell cmdlet to export mailboxes in Exchange, potentially leading to sensitive information theft.

Microsoft Defender XDR +2 collection execution powershell exchange mailbox

2r 4t Jan 3, 2024