Microsoft: New Exchange zero-day vulnerabilities were actively exploited but not fixed immediately
3 min readMicrosoft: New Exchange zero-day vulnerabilities were actively exploited but not fixed immediately
- Huawei Mate 60 Pro Makes Satellite Calls: Only US$0.18/minute
- Huawei Mate60 Pro: First Smart Phone Supports Satellite Calls
- 14000 cores + 450W: RTX 4080 graphics card perfectly replaces the RTX 3080
- Big upgrade: The difference between Bluetooth 5.0 and 5.2
- Geeks Disappointed that RTX 4080/4090 doesn’t come with PCIe 5.0
- What are advantages and disadvantages of different load balancing?
Microsoft: New Exchange zero-day vulnerabilities were actively exploited but not fixed immediately.
Microsoft has confirmed that two unpatched Exchange server zero-day vulnerabilities are being exploited by cybercriminals in real-world attacks.
Vietnamese cybersecurity firm GTSC, which first discovered the flaws in August 2022 as part of its response to customer cybersecurity incidents, said the two zero-day flaws had been used in attacks on its customers’ environments for a limited time. Backdated to early August 2022.
The two vulnerabilities, identified as CVE-2022-41040, are a server-side request forgery (SSRF) vulnerability, while the second was identified as a server-side request forgery (SSRF) vulnerability, Microsoft Security Response Center (MRSC) said in a blog post late Thursday.
CVE-2022-41082, when PowerShell is accessed by an attacker, allows remote code execution on a vulnerable server.
“Currently, Microsoft believes that the targeted attacks exploiting these two vulnerabilities to gain access to user systems are limited,” Microsoft noted, noting that an attacker would need authenticated access to the vulnerable Exchange server, such as stealing credentials, to successfully exploit either of the two vulnerabilities , which affects Microsoft Exchange Server 2013, 2016, and 2019 on-premises.
Microsoft did not share any further details about the attacks, and security firm Trend Micro gave the two vulnerabilities a severity rating of 8.8 and 6.3 out of 10.
However, the GTSC reported that cybercriminals tied the two vulnerabilities together to create backdoors on victims’ systems and also move laterally within the attacked network.
After successfully mastering the vulnerability, it is possible to gather information and establish a foothold in the victim’s system.
Security researcher Kevin Beaumont, one of the first to discuss the GTSC findings in a series of tweets on Thursday, said he was aware of the vulnerability “actively exploited externally” and that he “can confirm that a large number of Exchange The server has been compromised”.
Microsoft declined to say when the patch will be available, but noted in its blog post that the upcoming fix is on an “accelerated schedule.”
Until then, the company advises customers to follow the temporary mitigation shared by GTSC, which includes adding a block rule in IIS Manager.
The company noted that Exchange Online customers do not need to take any action at this time because the zero-day event only affects internal Exchange servers.
More details:
Customer Guidance for Reported Zero-day Vulnerabilities in Microsoft Exchange Server
- DIY a PBX (Phone System) on Raspberry Pi
- How to host multiple websites on Raspberry Pi 3/4?
- A Free Intercom/Paging system with Raspberry pi and old Android phones
- DIY project: How to use Raspberry Pi to build DNS server?
- Raspberry Pi project : How to use Raspberry Pi to build git server?
