1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • More Microsoft Exchange zero-days exploited in the wild

    From TechnologyDaily@1337:1/100 to All on Mon Oct 3 14:45:04 2022
    More Microsoft Exchange zero-days exploited in the wild

    Date:
    Mon, 03 Oct 2022 13:38:19 +0000

    Description:
    Researchers believe Chinese hackers are using them, but mitigations are available.

    FULL STORY ======================================================================

    Two more zero-day vulnerabilities found in different versions of Microsoft Exchange Server are being exploited in the wild, the company has confirmed.

    According to recent customer guidance that Microsoft released for reported zero days, a server-side request forgery (SSRF) flaw, and remote code execution (RCE) flaw, were identified as being used by threat actors.

    The vulnerabilities were present in Microsoft Exchange Server 2013, 2016, and 2019 endpoints . Chained flaws

    "The first vulnerability, identified as CVE-2022-41040, is a Server-Side Request Forgery (SSRF) vulnerability, while the second, identified as CVE-2022-41082, allows remote code execution (RCE) when PowerShell is accessible to the attacker," Microsoft explained. "At this time, Microsoft is aware of limited targeted attacks using the two vulnerabilities to get into users' systems."

    Exploiting the SSRF flaw isnt as easy, though, as the attack can only be pulled off by attackers that were authenticated by the target system. Only then can they exploit the RCE flaw, too.

    Whats more, Exchange Online users are not exposed to any risks, the company confirmed, as its security team already placed detections and mitigations.

    "Microsoft is also monitoring these already deployed detections for malicious activity and will take necessary response actions to protect customers, the company added. We are working on an accelerated timeline to release a fix. Read more

    This dangerous Microsoft Office zero-day is now being exploited in the wild


    Microsoft just fixed a whole load of serious security flaws, so patch now


    These are the best antivirus tools right now

    While Microsoft did not say who might be exploiting these flaws right now, BleepingComputer found GTSC, a Vietnamese cybersecurity firm, laying the
    blame on a Chinese threat actor. Apparently, the zero-days were being used to deploy China Chopper web shells for persistence, as well as data
    exfiltration. The same company also published mitigation measures that Microsoft subsequently confirmed.

    "On premises Microsoft Exchange customers should review and apply the following URL Rewrite Instructions and block exposed Remote PowerShell
    ports," Microsoft said. "The current mitigation is to add a blocking rule in "IIS Manager -> Default Web Site -> Autodiscover -> URL Rewrite -> Actions"
    to block the known attack patterns." Check out the best firewalls out there

    Via: BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/news/more-microsoft-exchange-zero-days-exploited-in- the-wild/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)