pronto, posted September 19, 2022 (edited)

Servus Community,

I have conflicting information on several detections in our Exchange Server. There are three unresolved detections logged, but the action type is indicated as blocked. What exactly is my to-do now?

Thx & Bye
Tom

Edited September 19, 2022 by pronto: mistyping

itman, posted September 19, 2022 (edited)

If you haven't applied the latest Microsoft security patches, you need to do so ASAP. Exchange server vulnerabilities are at the top of the list of exploits being deployed by hackers.

Edited September 19, 2022 by itman

pronto (author), posted September 20, 2022

12 hours ago, itman said:
> If you haven't applied the latest Microsoft security patches, you need to do so ASAP. Exchange server vulnerabilities are at the top of the list of exploits being deployed by hackers.

Thank you for your attention. Okay, the security patch from August was missing; we are up to date with the CU. But why does a match with an IP blacklist produce a red error? According to my information, ESET itself partly does not know which vulnerability was tried to be exploited. So far, they were always shown as resolved when the connection was finally blocked.

Thx in advance & Bye
Tom

Marcos (Administrators), posted September 20, 2022

The IP is a known source of attacks: https://www.abuseipdb.com/check/91.72.187.242

Looks like the target and source IP addresses are swapped in the console. Please check it directly on the client and report it to technical support if they are swapped.