New Microsoft Security Alert: State-Sponsored 0Day Exchange Server Attacks Confirmed – Forbes

Microsoft confirmed on September 30 that it is investigating two zero-day vulnerabilities that affect on-premises Exchange Server 2013, 2016 and 2019. Between them, these versions account for more than 200,000 installations in businesses worldwide. Microsoft goes on to warn that a single, likely state-sponsored, threat group has been confirmed as exploiting both vulnerabilities by chaining them together. Microsoft adds that the CVE-2022-41040 and CVE-2022-41082 chain attacks have facilitated "hands-on-keyboard access, which the attackers used to perform Active Directory reconnaissance and data exfiltration." While Microsoft says it has observed these attacks against only around ten organizations so far, given the size of the Exchange Server user base and the fact that the vulnerabilities are now publicly known, the potential for further attacks is great.


The risk is significant

Mike Walters, vice-president of vulnerability and threat research at Action1, has warned that "the risk from these zero-days is significant" to many SME and enterprise companies with "vast amounts of critical data." Security researchers at the Vietnamese firm GTSC were the first to disclose that attacks were underway.

CVE-2022-41040 is a server-side request forgery (SSRF) vulnerability, while CVE-2022-41082 allows remote code execution (RCE) when an attacker can reach the Exchange PowerShell (remote PowerShell) endpoint. In the observed attacks the SSRF is used to reach that endpoint and trigger the RCE. The chain does, however, require authenticated access: the attacker must already hold valid credentials for an ordinary Exchange user account. It is not an unauthenticated attack, so credential hygiene and monitoring of the Autodiscover endpoint both matter.
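The check a practitioner wants after reading the paragraph above is whether their own Exchange server has already seen this request shape. The following is an added example, not code from the article or from Microsoft or GTSC: a field-aware hunt over IIS W3C logs for requests to the Autodiscover JSON endpoint whose query string carries both an `@` and a reference to the backend PowerShell endpoint. Microsoft and GTSC published a single-regex `Select-String` hunt for the same thing; this version parses the `#Fields:` header so the match is per column and runs on the URL-decoded query. The sample log lines are constructed for illustration, the function name is this example's own, and the log directory in the commented real-server usage is the IIS default, which you should confirm on your server.

```powershell
# Added example (not from the article, Microsoft or GTSC): hunt IIS W3C logs on an
# on-premises Exchange server for the CVE-2022-41040 -> CVE-2022-41082 request shape.
# Function name and sample data are this example's own.

function Find-ProxyNotShellRequests {
    param(
        [Parameter(Mandatory)] [string[]] $LogLines
    )

    $fields = $null
    foreach ($line in $LogLines) {
        if ($line.StartsWith('#Fields:')) {
            # The W3C header names the columns; keep them so we can index by name.
            $fields = ($line.Substring(8).Trim() -split '\s+')
            continue
        }
        if ($line.StartsWith('#') -or [string]::IsNullOrWhiteSpace($line) -or -not $fields) { continue }

        $cols = $line.Trim() -split '\s+'
        if ($cols.Count -lt $fields.Count) { continue }
        $row = @{}
        for ($i = 0; $i -lt $fields.Count; $i++) { $row[$fields[$i]] = $cols[$i] }

        $stem  = $row['cs-uri-stem']
        # Decode so percent-encoded '@' or 'powershell' are still caught.
        $query = [System.Uri]::UnescapeDataString($row['cs-uri-query'])

        # The SSRF needs the Autodiscover JSON endpoint; the RCE needs the request
        # to be proxied on to the backend PowerShell endpoint. -match is
        # case-insensitive in PowerShell.
        if ($stem -match 'autodiscover\.json$' -and $query -match '@' -and $query -match 'powershell') {
            [pscustomobject]@{
                Time       = "$($row['date']) $($row['time'])"
                ClientIP   = $row['c-ip']
                User       = $row['cs-username']
                Status     = [int]$row['sc-status']
                Query      = $query
                # A 200 is the worrying case; 401/403/500 may be a blocked or failed attempt.
                Suspicious = ($row['sc-status'] -eq '200')
            }
        }
    }
}

# Constructed sample lines in IIS W3C format, standing in for real log files.
# Lines 2 and 3 should be flagged (the third with Suspicious = False); the
# fourth has an '@' but no PowerShell reference and should not be flagged.
$sample = @'
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status
2022-09-29 10:15:01 10.0.0.5 GET /owa/ - 443 - 203.0.113.7 Mozilla/5.0 200
2022-09-29 10:15:03 10.0.0.5 POST /autodiscover/autodiscover.json @evil.example/powershell&Email=autodiscover/autodiscover.json%3f@evil.example 443 CORP\svc.user 203.0.113.7 python-requests/2.28 200
2022-09-29 10:15:04 10.0.0.5 POST /autodiscover/autodiscover.json %40evil.example/PowerShell&Email=autodiscover/autodiscover.json%3f%40evil.example 443 - 203.0.113.7 python-requests/2.28 401
2022-09-29 10:15:05 10.0.0.5 GET /autodiscover/autodiscover.json Email=user@example.org 443 CORP\user 10.0.0.21 Microsoft+Office/16.0 200
'@ -split "`r?`n"

Find-ProxyNotShellRequests -LogLines $sample | Format-Table -AutoSize

# On a real server (default IIS log location; adjust to yours):
# Get-ChildItem -Recurse 'C:\inetpub\logs\LogFiles' -Filter *.log |
#     ForEach-Object { Find-ProxyNotShellRequests -LogLines (Get-Content $_.FullName) }
```

Treat a hit with a 200 status and a valid `cs-username` as a probable successful chain and move to incident response (the account is compromised, and the server should be checked for web shells and new scheduled tasks or services); hits with 401 or 403 still tell you which account and source address an attacker is working with.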

CISA advises Exchange Server users and admins to act now

Indeed, the Cybersecurity & Infrastructure Security Agency (CISA) has issued a statement urging both users and administrators to apply mitigations while awaiting an official patch from Microsoft. Microsoft is working on releasing this as soon as possible, although a timescale has not yet been given. Microsoft has further confirmed that the vulnerabilities affect on-premises Exchange Server installations only, and that Exchange Online customers are unaffected and need take no action. Organizations running hybrid deployments should note, however, that their on-premises Exchange servers still need the mitigations.


Microsoft has released a script for on-premises customers that applies an IIS URL Rewrite rule blocking the exploited SSRF request pattern on the Autodiscover endpoint, and has pushed the same rule automatically to servers enrolled in the Exchange Emergency Mitigation Service (EEMS). Microsoft also recommends disabling remote PowerShell access for non-administrator users, since CVE-2022-41082 depends on that access. These are mitigations, not fixes: the vulnerabilities remain present until Microsoft ships a security update, so the rule should be verified after it is applied and the servers patched as soon as an update is available.
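For administrators who want to apply and verify the request-blocking rule themselves rather than rely on the script or on EEMS, the following is an added example and not Microsoft's EOMT or EEMS code. It adds a URL Rewrite request-blocking rule to the Autodiscover virtual directory of the Default Web Site using the IIS WebAdministration module, then reads the rule back. The rule name, the function names and the chosen pattern are this example's own. Microsoft's first published pattern was narrower (it required an `@` and matched the raw request URI) and was broadened more than once in the week after disclosure; the pattern here is the broader form that matches both words, in any order, in the URL-decoded request URI. Run it elevated on the Exchange server; it assumes the IIS URL Rewrite module is installed, which it checks first.

```powershell
# Added example, not Microsoft's EOMT/EEMS script: apply and verify a URL Rewrite
# request-blocking rule on the Autodiscover virtual directory. Rule name, PSPath
# and pattern are this example's choices; run elevated on the Exchange server.

Import-Module WebAdministration

$RuleName  = 'Block Autodiscover-to-PowerShell requests (CVE-2022-41040)'
$PSPath    = 'MACHINE/WEBROOT/APPHOST/Default Web Site/Autodiscover'
$RuleXPath = "system.webServer/rewrite/rules/rule[@name='$RuleName']"

# Two lookaheads: both words must appear, in any order. Evaluated on the
# URL-decoded request URI so percent-encoded variants are still caught.
$Pattern = '(?=.*autodiscover)(?=.*powershell)'

function Test-RewriteModuleInstalled {
    # The URL Rewrite module is an Exchange 2016/2019 prerequisite, but check anyway.
    $null -ne (Get-WebGlobalModule -Name 'RewriteModule' -ErrorAction SilentlyContinue)
}

function Add-AutodiscoverBlockRule {
    if (-not (Test-RewriteModuleInstalled)) {
        throw 'IIS URL Rewrite module is not installed; the mitigation cannot be applied.'
    }
    if (Get-WebConfiguration -PSPath $PSPath -Filter $RuleXPath) {
        Write-Host "Rule '$RuleName' already present; nothing to do."
        return
    }
    # Create the rule element, then fill in its match, condition and action.
    Add-WebConfigurationProperty -PSPath $PSPath -Filter 'system.webServer/rewrite/rules' -Name '.' `
        -Value @{ name = $RuleName; patternSyntax = 'ECMAScript'; stopProcessing = 'True' }
    Set-WebConfigurationProperty -PSPath $PSPath -Filter "$RuleXPath/match" -Name 'url' -Value '.*'
    Add-WebConfigurationProperty -PSPath $PSPath -Filter "$RuleXPath/conditions" -Name '.' `
        -Value @{ input = '{UrlDecode:{REQUEST_URI}}'; pattern = $Pattern }
    Set-WebConfigurationProperty -PSPath $PSPath -Filter "$RuleXPath/action" -Name 'type' -Value 'AbortRequest'
    Write-Host "Rule '$RuleName' applied to $PSPath."
}

function Get-AutodiscoverBlockRule {
    # Read the rule back so the condition and action can be checked by eye.
    $condition = Get-WebConfiguration -PSPath $PSPath -Filter "$RuleXPath/conditions/add"
    $action    = Get-WebConfiguration -PSPath $PSPath -Filter "$RuleXPath/action"
    [pscustomobject]@{
        Present = [bool](Get-WebConfiguration -PSPath $PSPath -Filter $RuleXPath)
        Input   = if ($condition) { $condition.input }   else { $null }
        Pattern = if ($condition) { $condition.pattern } else { $null }
        Action  = if ($action)    { $action.type }       else { $null }
    }
}

Add-AutodiscoverBlockRule
Get-AutodiscoverBlockRule
```

After applying the rule, confirm from a client that ordinary Autodiscover requests (for example Outlook's `autodiscover.json?Email=user@domain`) still get a normal response, then send a request containing both `autodiscover` and `powershell` in the URI and confirm it is aborted. Blocking at the Autodiscover front end narrows the SSRF path the attackers used; it does not remove CVE-2022-41082, so remote PowerShell should still be restricted for non-administrators and the servers patched when Microsoft's update ships.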
