New Microsoft Exchange Vulnerabilities Exploited
The software and cloud computing company acknowledged what Vietnamese cybersecurity company GTSC had previously announced: that there are indeed two major Exchange vulnerabilities and that they’re being exploited in the wild.
Microsoft has confirmed the existence of two zero-day vulnerabilities in Microsoft Exchange – and they’re already being used to launch cyberattacks against organizations.
The software and cloud computing company acknowledged what Vietnamese cybersecurity company GTSC had previously announced: that there are indeed two major Exchange vulnerabilities and that they’re being exploited in the wild.
“Microsoft is investigating two reported zero-day vulnerabilities affecting Microsoft Exchange Server 2013, 2016, and 2019,” the Redmond, Wash.-based company said in its post.
Read also
Elon Musk clinches deal to buy Twitter for $44 billion
“The first vulnerability, identified as CVE-2022-41040, is a Server-Side Request Forgery (SSRF) vulnerability, while the second, identified as CVE-2022-41082, allows remote code execution (RCE) when PowerShell is accessible to the attacker. “
The company then ominously added: “At this time, Microsoft is aware of limited targeted attacks using the two vulnerabilities to get into users’ systems. In these attacks, CVE-2022-41040 can enable an authenticated attacker to remotely trigger CVE-2022-41082.
It should be noted that authenticated access to the vulnerable Exchange Server is necessary to successfully exploit either of the two vulnerabilities.”
PomPak: Pakistan launches first e-learning financial literacy game
The blog post went on to say that Microsoft was “monitoring these already deployed detections for malicious activity and will take necessary response actions to protect customers.”
Microsoft said it’s now “working on an accelerated timeline to release a fix” but, until then, it provided “mitigations and detections guidance” in its blog post in order to “help customers protect themselves from these attacks.”
On Twitter, cybersecurity researcher Kevin Beaumont suggested there’s more cyber activity related to the Exchange vulnerabilities than Microsoft might be acknowledging.
“I can confirm significant numbers of Exchange servers have been backdoored – including a honeypot,” he said.
Earlier this week, Bleeping Computer reported that GTSC “suspects that a Chinese threat group is responsible for the attacks based on the web shells‘ code page, a Microsoft character encoding for simplified Chinese.”
In an interview with CRN US, Martin Zugec, technical solutions director at Bitdiscovery, a cybersecurity vendor based in Bucharest, Romania and with offices in the U.S., said he’s “not surprised” that bad actors are taking advantage of vulnerabilities in the popular Microsoft Exchange.
He added of cybercriminals in general: “They are going to identify the software components that are deployed massively in all of the networks. They are then deploying these automated scanners to find the vulnerable systems.”