In the last week, Microsoft have published about a significant zero day vulnerability in Exchange Server - you can read about it here. This attack required a valid username and password for one of the vulnerabilities to be executed. Microsoft have advised in their security guidance to disable RemotePowerShell for non-admins. In their article on Controlling remote … [Read more...]