By security practitioners, for security practitioners novacoast federal | Apex Program | novacoast | about innovate
By security practitioners, for security practitioners

Microsoft Warns of Two Actively-Exploited Exchange Zero-Days

SEPTEMBER 30, 2022 19:35 GMT

This alert from Pillr is intended to brief users and administrators on newly discovered threats, vulnerabilities, and critical software updates.

Mitigation guidance has been provided while Microsoft develops a full patch.

Background

Microsoft is investigating two zero-day vulnerabilities being actively exploited against Exchange servers. When chained together, an authenticated attacker may perform a Remote Code Execution against Exchange. Mitigation steps have been provided.

Vulnerability Details

Microsoft is actively investigating targeted attacks using CVE-2022-41040, a Server-Side Request Forgery (SSRF), and CVE-2022-41082, which allows an authenticated attacker with access to PowerShell to perform a Remote Code Execution attack.

Impacted platforms: Microsoft Exchange Server 2013, 2016, and 2019.

Currently, authentication is required to perform this exploit chain.

Mitigation

Consult the linked Microsoft advisory for the current mitigation guidance, as well as Sentinel and MS365 detections. Apply the countermeasures appropriate to your environment.

Currently, Exchange Online customers need not take action to mitigate these vulnerabilities.

Continue to monitor the status of the recommended mitigation steps until a full patch is released.

Since there is an authentication requirement to this attack, account and password management best practices may provide additional protection for your environment.

Resources

  1. Current Microsoft Advisory:
    https://msrc-blog.microsoft.com/2022/09/29/customer-guidance-for-reported-zero-day-vulnerabilities-in-microsoft-exchange-server/
  2. BleepingComputer Article:
    https://www.bleepingcomputer.com/news/microsoft/microsoft-confirms-new-exchange-zero-days-are-used-in-attacks/

Previous Post

Weekly Top Ten Cybersecurity Stories – 9.30.2022

Next Post

Micro Focus Training and Certification

Innovate uses cookies to give you the best online experience. If you continue to use this site, you agree to the use of cookies. Please see our privacy policy for details.