Comment by technion
14 hours ago
The first example I looked at was haute-sorne.ch, which is reported by this tool as "Self hosted/other". Whilst it's true that they appear to self host, https://mails.haute-sorne.ch will land you on a Microsoft Exchange server, patch level 15.2.1748.39.
This is better than typical, being an October 2025 patch. But that leaves open CVE-2025-64667, CVE-2025-64666 and CVE-2026-21527. Which are vulnerabilities with patches out going back months.
Now are these RCEs? No, but this was also the first example I looked at.
No comments yet
Contribute on Hacker News ↗