Microsoft Exchange has been updated repeatedly in a short span following the January discovery of suspicious activity from a reportedly Chinese APT. Several CVEs have been documented, including one involving a Server-Side Request Forgery (SSRF) vulnerability. New, publicly available scripts can be used to scan and test WAN-facing systems.
An attacker who wants to enumerate mail exchange server data has multiple tools available, and domain names are a good place to start. This might fall under the category of open-source intelligence gathering, known as OSINT. One free tool that requires minimal installation is Maltego. Running transforms on a domain name can make it easy to discover information about its mail exchange servers.
While SSRF-style attacks are being circumvented at big cloud providers like AWS and Azure, it is interesting to note that this vulnerability does not affect Office 365 customers. The fact that it is confined to on-premises installations of Microsoft Exchange might prompt some information systems departments to consider the transition to online services, as the rapid development of Microsoft’s hosted platform appears to be a higher priority than continued support for Exchange.