Detecting Exchange Servers and Proxy Log Vulnerabilities

Trent Micro's Saturday initiative currently lists two unpatched Exchange vulnerabilities with a CVSS score of 8.8 as well as 6.3. GTSC found a web shell installed on the compromised server, which is something that was also done with the original proxy logon vulnerability. So far, there is no official statement from Microsoft about this. If you're not up to date with patches, assume the server is compromised and for detection, kitty Nichols pointed out rules to detect the proxy log on exploit.