• Thousands of Microsoft Exchange servers are still vulnerable to t

    From TechnologyDaily@1337:1/100 to All on Wed Jan 4 11:30:03 2023
    Thousands of Microsoft Exchange servers are still vulnerable to this
    dangerous flaw

    Date:
    Wed, 04 Jan 2023 11:26:24 +0000

    Description:
    A Microsoft patch has been available for months now, but tens of thousands of endpoints are still vulnerable.

    FULL STORY ======================================================================

    Tens of thousands of Microsoft Exchange servers are still vulnerable to a high-severity flaw used in ProxyNotShell exploits, researchers have warned.

    Cybersecurity researchers at the Shadowserver Foundation said almost 70,000 IPs were vulnerable to CVE-2022-41082, a remote code execution (RCE) vulnerability patched in early November last year.

    At press time, Shadowserver's data shows at least 57,000 vulnerable IPs, although the information comes with a disclaimer that results were calculated by summing counts of unique IPs, which means that a unique IP may have been counted more than once.

    Mitigations and patches

    Any figures should be treated as indicative rather than exact, Shadowserver said. However, declining figures could be an indication of a positive trend.

    There are two high-severity vulnerabilities that were dubbed ProxyNotShell: the above-mentioned CVE-2022-41082, and CVE-2022-41040, an elevation of privilege flaw that was also patched in early November. The affected endpoints include Exchange Server 2013, 2016, and 2019.

    While there are mitigations available, researchers are urging IT pros to apply the patch instead, as the mitigations can be worked around. One report from BleepingComputer described ransomware operators using a newly discovered exploit chain to bypass certain ProxyNotShell mitigations and execute malicious code remotely on target devices.


    Exchange servers are valuable to hackers, and as such are often targeted. For example, the infamous LockBit group was recently caught deploying malware via compromised Exchange servers. Last summer, two servers belonging to one company were infected with LockBit 3.0. As per the report, the attackers first deployed a web shell, then escalated privileges to Active Directory admin a week later, stole some 1.3 TB of data, and encrypted systems hosted on the network.

    Late last year, researchers uncovered a malicious campaign attempting to exploit the already-fixed ProxyShell vulnerability in Microsoft Exchange, too.

    Via: BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/news/thousands-of-microsoft-exchange-servers-are-still-vulnerable-to-this-dangerous-flaw


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)