In a blog post, Vietnamese security company GTSC noted that they saw evidence of a new “ProxyShell” like vulnerability being exploited in the wild. The evidence came from compromised Exchange servers GTSC observed when responding to incidents [1]. Later, Trend Micro confirmed that two vulnerabilities tracked by Trend Micro’s zero-day initiative were involved in the compromise described by GTSC [2]. Trend Micro had reported the vulnerabilities to Microsoft about a month ago.
Article Link: InfoSec Handlers Diary Blog - SANS Internet Storm Center