New Exchange Server zero-day vulnerabilities are being used in cyberattacks: Protect your network now

Sep 30, 2022, Hi-network.com

Newly discovered zero-days in Microsoft Exchange Server are being used actively in cyberattacks.

The two zero-day vulnerabilities affect Microsoft Exchange Server 2013, 2016, and 2019, Microsoft Security Response Center (MSRC) has warned, after the exploits were disclosed by researchers at Vietnamese cybersecurity firm GTSC.

One (CVE-2022-41040) is a Server-Side Request Forgery (SSRF) vulnerability, a flaw that allows attackers to make server-side application requests from an unintended location, for example allowing them to access internal services without being within the perimeter of the network.

The other (CVE-2022-41082) allows remote code execution when PowerShell is accessible to the attacker. 

When combined, CVE-2022-41040 can allow attackers to trigger CVE-2022-41082, although Microsoft notes that this is only possible if the attacker also has authenticated access to the vulnerable Exchange Server.

Nonetheless, Microsoft says it's "aware of limited targeted attacks using the two vulnerabilities to get into users' systems" and that the company is working on an "accelerated timeline" to release a fix. 

To mitigate the vulnerabilities for now, on-premises Microsoft Exchange customers should review and apply URL Rewrite Instructions detailed in the alert and block exposed Remote PowerShell ports. Microsoft says Exchange Online customers don't need to take any action. 

"Microsoft Exchange Online has detections and mitigation in place to protect customers. Microsoft is also monitoring these already deployed detections for malicious activity and will take necessary response actions to protect customers," the company said. However, other cybersecurity researchers have suggested Microsoft Exchange Online customers could be affected.

Currently, there's no publicly disclosed information about who is being targeted by attacks exploiting the zero-day vulnerabilities or who could be behind the attacks. 

Microsoft Exchange Servers make a very tempting target for malicious hackers. Not only can attacks that successfully compromise Exchange be used to access sensitive information, they can also open the door to additional attacks, and victims might never be aware they've been targeted.

"We recommend all organizations/enterprises around the world that are using Microsoft Exchange Server to check, review, and apply the temporary remedy as soon as possible to avoid potential serious damages," said researchers at GTSC.  
