Security Researcher Detected
You might have ended up here because your site vulnerability scanner found something interesting. Hi! I'm a security engineer and I'm having a good time interacting with the people and bots that are interested in information security.
You will hopefully find this site is well-secured and I'm not interested in being hacked. I'm interested in learning about how people try to hack me, though.
What is this endpoint?
ecp/Current/exporttool/microsoft.exchange.ediscovery.exporttool.application
Microsoft Exchange
What an attacker could do
Reaching the eDiscovery ExportTool ClickOnce manifest fingerprints the Exchange build and signals the server is internet-facing, helping attackers chain CVE-2021-26855 (ProxyLogon) or CVE-2022-41040/41082 (ProxyShell) for unauthenticated RCE and mailbox takeover.
How to defend it
Apply current Exchange cumulative updates and security patches, restrict ECP/OWA exposure to a VPN or reverse proxy, and disable Exchange Online PowerShell or legacy ClickOnce paths that are not in use.
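To check whether this path is being requested from outside your network, the following added example (not code from this site or from Microsoft) scans IIS W3C log text for requests to the manifest and reports which ones were served. The sample log, the internal address ranges and the function name are constructed assumptions.

```python
import ipaddress

# Path from this page; IIS matches URLs case-insensitively, so compare lowercased.
MANIFEST = "/ecp/current/exporttool/microsoft.exchange.ediscovery.exporttool.application"

# Assumption: these ranges are "internal" for your deployment; adjust as needed.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Constructed sample log (documentation-range client IPs), not captured traffic.
SAMPLE_LOG = """\
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status
2024-05-01 10:00:01 10.0.0.5 GET /owa/auth/logon.aspx - 443 - 10.0.0.23 Mozilla/5.0 200
2024-05-01 10:02:14 10.0.0.5 GET /ecp/Current/exporttool/microsoft.exchange.ediscovery.exporttool.application - 443 - 203.0.113.7 python-requests/2.31 200
2024-05-01 10:02:15 10.0.0.5 GET /ECP/current/ExportTool/Microsoft.Exchange.Ediscovery.ExportTool.application - 443 - 198.51.100.9 Mozilla/5.0 404
2024-05-01 10:05:40 10.0.0.5 GET /ecp/Current/exporttool/microsoft.exchange.ediscovery.exporttool.application - 443 - 10.0.0.40 Mozilla/5.0 200
"""

def find_manifest_probes(log_text, internal=INTERNAL_NETS):
    """Return requests for the ExportTool manifest that came from non-internal clients."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column order is defined per log file
            continue
        if not line or line.startswith("#") or not fields:
            continue
        values = line.split()
        if len(values) != len(fields):
            continue  # truncated or malformed row
        row = dict(zip(fields, values))
        if row.get("cs-uri-stem", "").lower() != MANIFEST:
            continue
        try:
            client = ipaddress.ip_address(row.get("c-ip", ""))
        except ValueError:
            continue
        if any(client in net for net in internal):
            continue
        hits.append({
            "when": f"{row.get('date', '?')} {row.get('time', '?')}",
            "client": str(client),
            # A 200 from an external address means the manifest is reachable from outside.
            "served": row.get("sc-status") == "200",
        })
    return hits

if __name__ == "__main__":
    print(find_manifest_probes(SAMPLE_LOG))
```

If the server sits behind a reverse proxy or load balancer, `c-ip` holds the proxy's address, so the original client address has to come from whatever forwarded-for field the proxy logs.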