
Morning Folks

 

Looks like on-prem v23.3.34 is uploaded.

I’m installing it over lunch time today

 

John

 

Soon as I installed the update, M365 Defender started throwing a fit.
 

Here are the messages from Microsoft:
Microsoft 365 Defender has detected a security threat
 

 

Possible SpringShell exploitation attempt on one endpoint

"java.exe" -Dcatalina.home=./tomcat -Djava.io.tmpdir=./tomcat/temp -Dsysaid.home="C:\Program Files\SysAidServer" "-Xss256k" -XX:MaxPermSize=256m -XX:PermSize=128m -Dcom.sun.jndi.ldap.object.disableEndpointIdentification=true -Dlog4j2.formatMsgNoLookups=true -Xms16m -Xmx2048m -Djava.library.path="./lib" -classpath "./lib/wrapper.jar;./tomcat/bin/bootstrap.jar;./tomcat/bin/tomcat-juli.jar" -Dwrapper.key="ZyRO66Ll8V848Z2A" -Dwrapper.port=1777 -Dwrapper.service="TRUE" -Dwrapper.cpu.timeout="10" -Dwrapper.jvmid=1 com.silveregg.wrapper.WrapperStartStopApp org.apache.catalina.startup.Bootstrap 1 start org.apache.catalina.startup.Bootstrap true 1 stop

 

java.exe performed remote system discovery by invoking PING.EXE

teamViewerConnect.jsp - marked suspicious

NuboControlPanel.jsp - marked suspicious


C:\Program Files\SysAidServer\root\addons\office365\jsp\consume.jsp is also throwing an exception

 

 

