December 3, 2022

COSFONE

Networking, PBX, IT, DIY Solution

Microsoft: New Exchange zero-day vulnerabilities were actively exploited but not fixed immediately


Microsoft has confirmed that two unpatched Exchange server zero-day vulnerabilities are being exploited by cybercriminals in real-world attacks.

Vietnamese cybersecurity firm GTSC, which first discovered the flaws in August 2022 as part of its response to customer cybersecurity incidents, said the two zero-day flaws had been used in attacks on its customers’ environments for a limited time, dating back to early August 2022.

 

The first of the two vulnerabilities, identified as CVE-2022-41040, is a server-side request forgery (SSRF) vulnerability, while the second, identified as CVE-2022-41082, allows remote code execution on a vulnerable server when PowerShell is accessible to the attacker, the Microsoft Security Response Center (MSRC) said in a blog post late Thursday.

 

“Currently, Microsoft believes that the targeted attacks exploiting these two vulnerabilities to gain access to user systems are limited,” Microsoft said, noting that an attacker would need authenticated access to the vulnerable Exchange server, such as through stolen credentials, to successfully exploit either of the two vulnerabilities, which affect Microsoft Exchange Server 2013, 2016, and 2019 on-premises.

 


 

 

Microsoft did not share any further details about the attacks, and security firm Trend Micro gave the two vulnerabilities severity ratings of 8.8 and 6.3 out of 10.

 

However, GTSC reported that cybercriminals chained the two vulnerabilities together to create backdoors on victims’ systems and to move laterally within the attacked network.

After successfully exploiting the vulnerabilities, an attacker can gather information and establish a foothold in the victim’s system.

 

Security researcher Kevin Beaumont, one of the first to discuss the GTSC findings in a series of tweets on Thursday, said he was aware of the vulnerability being “actively exploited externally” and that he “can confirm that a large number of Exchange servers have been compromised”.

 

Microsoft declined to say when the patch will be available, but noted in its blog post that the upcoming fix is on an “accelerated schedule.”

 

Until then, the company advises customers to follow the temporary mitigation shared by GTSC, which includes adding a block rule in IIS Manager.

The company noted that Exchange Online customers do not need to take any action at this time because the zero-days only affect on-premises Exchange servers.

 

 

 

More details:

Customer Guidance for Reported Zero-day Vulnerabilities in Microsoft Exchange Server

 

 


