Across the United States, millions of people set their clocks back one hour the other night as part of daylight savings. This is a bit of a controversial practice that millions of burger land citizens don't really like. They don't see the point in setting their clocks back and forward twice each year. But daylight savings, it's actually a bit of a beneficial thing for farmers, because without it we wouldn't have daylight until like 8 a.m., and, well, it'd be kind of difficult to do early morning farm chores. I mean, I guess we could wear headlamps, because, well, we do have technology, but it would still be much harder to get candid videos like this of Mr. Blonde and I in our yellow coats in the sunshine. And even if you aren't a sneeter yourself, millions of people, they still get to enjoy an extra hour of sleep, because most clocks these days just set themselves back automatically in the middle of the night, around midnight or so.

But despite that passive comfortness that so many people got to enjoy, many corporate IT professionals were probably denied that extra hour of sleep, because over the weekend several critical vulnerabilities were disclosed in Microsoft Exchange by Trend Micro's Zero Day Initiative. Oh boy, it's stories like this that make me really glad that the Sneed Life chose me.

Now you might be wondering: why is it that Trend Micro, of all companies, is disclosing zero-day vulnerabilities in Microsoft Exchange? You would think that that's the kind of thing you'd only be able to find, you know, unpatched zero days, on the dark web from some shady hacker man, and you have to pay him an untraceable cryptocurrency to get access to them.
Well, Zero Day Initiative was started back in 2005, and what they do is they essentially run a kind of third-party bug bounty service where you can disclose vulnerabilities in many different kinds of software from many different kinds of vendors to them for a cash reward. And then I imagine Zero Day Initiative probably gets with those companies and they get money from them for the vulnerabilities, but hey, I mean, that's business, that's how it works. And from what I've heard from talking to people that have completed bug bounties themselves, both for third parties like this (I mean, not necessarily Zero Day Initiative, but other third parties) and working with vendors directly, they've told me that they actually prefer to go through the third parties most of the time. I guess when you work with vendors directly, a lot of the time they want to get the sauce, they want to get the deets on the vulnerability from you for free, just when talking to you, so that they can try to fix it themselves without actually paying you. And then back in 2015 Trend Micro actually ended up acquiring Zero Day Initiative. I guess they made a whole lot of money off of selling antivirus to grandmas, and so that's why it's now Trend Micro's Zero Day Initiative.

But anyway, these four Exchange vulnerabilities that we're going to take a look at, they were actually reported to Microsoft by Zero Day Initiative back on September 7th and September 8th of this year, so Microsoft has had about 60 days now to kindly do the needful. But when security engineers from Microsoft reviewed the reports, they said that the flaws just weren't severe enough to guarantee immediate fixing, which probably translates to: "Dude, have you seen how profitable this AI stuff is? We've been raking in the dough with Microsoft's DALL-E, but over on the security wing it's been all hands on deck since, you know, Biden passed that AI executive order. We have a whole team of people dedicated to making sure the AI doesn't do a racism or generate any fake realistic CP, so we just don't have time to fix RCE and data exfiltration bugs on your mail server."

So the worst of these vulnerabilities is the ZDI 1578. I guess this is just their internal coding scheme; maybe there'll be a separate CVE with a different code created. But anyway, this is remote code execution through the ChainedSerializationBinder class due to insufficient data validation, and apparently this can also be used to execute code as SYSTEM, which is, that's the highest privileges in a Windows environment, and it would probably give the hacker total control over this server. And then of course, if they have control over this server, they might be able to gain more lateral movement throughout your network. And the other three vulnerabilities, they allow an attacker to exfiltrate data from Exchange servers using various methods as the Exchange server user.

Now the only reason that these vulnerabilities are scored in the seven range instead of like nines or tens is because they do require authentication, i.e. Exchange credentials. And part of the reason that Microsoft probably decided to not put in fixes for these right away is that people don't typically configure Exchange servers to just be listening directly on the internet. You'd expect at the very least that they'd be behind an edge firewall or something like that in a corporate environment. But, you know, just about everything is behind those edge devices, and yet every single day corporations are being hacked. And the security model of just having this hard outer shell, you know, making the edge very difficult to penetrate but then having very lax restrictions on the inside of the network, that model has long been deprecated, and sane businesses have adopted defense-in-depth security models where things like multi-factor authentication are also used within the network, especially if you have a lot of employees, because compromising their end devices, that's a really easy way to get your foot in the door and then take over an entire network without proper internal security. And that's something that's extra important for Exchange accounts, in my opinion, because those are oftentimes really easy to phish, and hell, you could probably find millions of Exchange credentials from the 2021 Exchange Server data breach, where over a quarter million servers were attacked.

And of course I have to address the elephant in the room, which is the fact that if your company is still using Microsoft Exchange for their mail, then they probably don't have the best security practices in the first place throughout the rest of their infrastructure. So the better mitigation that I can really recommend is to start moving away from Microsoft Exchange. It doesn't even really seem like something Microsoft wants to continue supporting themselves. But of course that's a little bit more difficult, to just go ahead and, you know, uproot your entire mail infrastructure, especially if you have people in your organization that are averse to change and they don't want to continue, or they want to continue using Exchange, and probably an outdated version, because it just works. But the other option to mitigate this risk would just be to add multi-factor authentication to those Exchange accounts, so that, you know, if a hacker is using credentials that they found on the dark web that probably still haven't been changed for years and years, they're not going to be able to get in, because you need an extra security token or something like that to authenticate.

Now, before you go and patch your vulnerable Exchange servers, please leave a like on this video and share it in order to hack the algorithm, and check out my website, based on when, where you can buy merch like the open base t-shirt and many other wonderful items. And of course you get a discount store-wide automatically at checkout when you pay using Monero XMR. Have a great rest of your day.