- CrowdStrike’s Falcon Overwatch has discovered a malicious framework that targets Microsoft Exchange servers but it can also run under IIS web applications. It can let attackers discover relevant machines on networks, steal credentials, delete files & directories, and exfiltrate valuable data.
- Does Liferay use any of these servers or web applications that can be vulnerable to it?
- Liferay DXP 7.0+
- As Liferay doesn't use Microsoft Exchange or IIS web servers, it is not vulnerable to this exploit
- We also don't use any Microsoft technologies in the GCP (Google Cloud Platform) backend either, so LXC environments are safe as well