Microsoft Patches 2 Exchange Zero-Day Actively Exploited in The Wild

October 2, 2022

Microsoft states that in August 2022, a threat group gained initial access to Exchange servers and compromised them by chaining the two recently discovered zero-day flaws in a limited set of attacks.

The 0-Day Vulnerabilities

  • CVE-2022-41040 (CVSS 3.1: 8.8, High Severity) – A Server-Side Request Forgery (SSRF) vulnerability.
  • CVE-2022-41082 (CVSS 3.1: 8.8, High Severity) – Exchange vulnerability, allowing Remote Code Execution (RCE) when the attacker has access to PowerShell.

These vulnerabilities allow attackers to gain access to a victim’s systems, drop web shells, and move laterally through the vulnerable network.
Any email user can exploit them; administrator credentials are not required.

Vulnerable Products

Microsoft Exchange Server 2013/2016/2019.

Mitigation

CYREBRO recommends implementing the latest available Microsoft instructions, which are currently being discussed publicly and are successful in breaking current attack chains.

References: Microsoft Security Response Center.
