In the wake of the Microsoft Exchange ProxyLogon zero-day and F5 BIG-IP security exploits earlier this year, many are questioning if and when should researchers publish proof of concepts for vulnerabilities and associated patches. Hafnium hackers were able to identify three MS Exchange vulnerabilities, including one (ProxyLogon) that enabled them to perform a server-side request forgery that allowed them to obtain admin access by sending a crafted web request. Volexity identified this exploit in early … More
The post Is it OK to publish PoC exploits for vulnerabilities and patches? appeared first on Help Net Security.