
KP Holland

Posts posted by KP Holland

  1. Starting Nmap 6.40 ( http://nmap.org ) at 2021-03-08 13:29 CET
    Nmap scan report for srv-name (XXX.XXX.XXX.XXX)
    Host is up (0.0049s latency).
    Not shown: 970 filtered ports
    PORT     STATE SERVICE
    25/tcp   open  smtp
    80/tcp   open  http
    81/tcp   open  hosts2-ns
    110/tcp  open  pop3
    135/tcp  open  msrpc
    139/tcp  open  netbios-ssn
    143/tcp  open  imap
    443/tcp  open  https
    | http-vuln-cve2021-26855:
    |   VULNERABLE:
    |   Exchange Server SSRF Vulnerability
    |     State: VULNERABLE
    |     IDs:  CVE:CVE-2021-26855
    |     Description:
    |       Exchange 2013 Versions < 15.00.1497.012, Exchange 2016 CU18 < 15.01.2106.013, Exchange 2016 CU19 < 15.01.2176.009, Exchange 2019 CU7 < 15.02.0721.013, Exchange 2019 CU8 < 15.02.0792.010 are vulnerable to a SSRF via the X-AnonResource-Backend and X-BEResource cookies.
    |
    |     Disclosure date: 2021-03-02
    |     References:
    |       http://aka.ms/exchangevulns
    |_      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26855
    444/tcp  open  snpp
    445/tcp  open  microsoft-ds
    465/tcp  open  smtps
    587/tcp  open  submission
    593/tcp  open  http-rpc-epmap
    808/tcp  open  ccproxy-http
    993/tcp  open  imaps
    995/tcp  open  pop3s
    1801/tcp open  msmq
    2103/tcp open  zephyr-clt
    2105/tcp open  eklogin
    2107/tcp open  msmq-mgmt
    2525/tcp open  ms-v-worlds
    3389/tcp open  ms-wbt-server
    5060/tcp open  sip
    5901/tcp open  vnc-1
    6001/tcp open  X11:1
    6005/tcp open  X11:5
    6006/tcp open  X11:6
    6007/tcp open  X11:7
    6009/tcp open  X11:9
    6547/tcp open  powerchuteplus
    MAC Address: 00:15:5D:04:65:07 (Microsoft)

    Nmap done: 1 IP address (1 host up) scanned in 7.93 seconds
     

  2. We are getting this message (see red text) from our (on-premises) Microsoft Exchange 2016 server. Is our Windows server infected or is it a warning?

     

    Event "Probably infected object detected" has occurred on device SRV_NAME in Windows domain XXVYZ on Monday, March 8, 2021 11:06:04 AM (GMT+01:00) Probably infected object detected: Trojan HEUR:Exploit.Script.CVE-2021-26855.a. Object name: View_tools.aspx. User: SYSTEM
