October 2, 2022
Microsoft Patches 2 Exchange Zero-Days Actively Exploited in the Wild
Microsoft claims that in August 2022, a threat group gained initial access and compromised Exchange servers by chaining the two recently discovered zero-day flaws in a narrow range of attacks.
The 0-Day Vulnerabilities
- CVE-2022-41040 (CVSS 3.1: 8.8, High Severity) – A Server-Side Request Forgery (SSRF) vulnerability.
- CVE-2022-41082 (CVSS 3.1: 8.8, High Severity) – Exchange vulnerability, allowing Remote Code Execution (RCE) when the attacker has access to PowerShell.
These vulnerabilities allow attackers to gain access to a victim's systems, drop web shells, and move laterally across the vulnerable network.
Any email user can exploit these vulnerabilities; administrator credentials are not required.
Affected products: Microsoft Exchange Server 2013/2016/2019.
CYREBRO recommends implementing the latest available Microsoft instructions, which are currently being discussed publicly and are successful in breaking current attack chains.
References: Microsoft Security Response Center.