July 12, 2023
Most security incidents require a response from multiple controls, such as an EDR or an IDS; rarely is an event best solved by addressing a single control. This advisory urges organizations using Exchange to enable audit logging to identify this attack in the wild. This should be done, but endpoint protection platforms (EPP) also have a responsibility: when a client makes an authenticated but forged request, it should be detected and subsequently blocked. This is a difficult proposition for most EPP tools because of the vast number of client-side applications that can make forged requests. But the prominence of this event should make resolving it a priority, for the time being.