Blocking Exchange CVE-2022-41040 Attacks via HAProxy

If you’re using Microsoft Exchange on-premise and you want to protect your setup against the recent CVE-2022-41040 and CVE-2022-41082 zero-day vulnerabilities, you can follow Microsoft’s instructions to set up a rewrite rule in IIS. If your Exchange setup is behind HAProxy, you can also block the requests at the proxy level. This is especially useful …

Reverse-Engineering macOS Server APNS Push Certificate Retrieval

For many years, I’ve been running my own email server, based on self-written SMTP and IMAP services, a MySQL database backend and a PHP-based webmail frontend. Ever since Apple released iPhone OS supporting push e-mail, I’ve been interested in getting it to work with my own email stack. My journey led me to Apple Open Source …

CVE-2022-31877: Privilege Escalation in MSI Center

Missing input validation and missing authentication allow attackers with the ability to connect to TCP/IP ports on localhost:26822 (e.g. any low-privileged user space process) to download and/or launch arbitrary executables with elevated privileges.

Welcome!

Welcome to my new blog! I’m going to use this blog as a collection of notes I consider interesting. The first blog post after this one has been migrated from my old, non-maintained blog hosted on Blogger.com.