Microsoft has confirmed the existence of two zero-day vulnerabilities in Microsoft Exchange – and they’re already being used to launch cyberattacks against organisations.
The software and cloud computing giant acknowledged what Vietnamese cybersecurity company GTSC had previously announced: that there are indeed two major Exchange vulnerabilities and that they’re being exploited in the wild.
“Microsoft is investigating two reported zero-day vulnerabilities affecting Microsoft Exchange Server 2013, 2016, and 2019,” the company said.
“The first vulnerability, identified as CVE-2022-41040, is a Server-Side Request Forgery (SSRF) vulnerability, while the second, identified as CVE-2022-41082, allows remote code execution (RCE) when PowerShell is accessible to the attacker.”
The company then ominously added: “At this time, Microsoft is aware of limited targeted attacks using the two vulnerabilities to get into users’ systems.
In these attacks, CVE-2022-41040 can enable an authenticated attacker to remotely trigger CVE-2022-41082.
It should be noted that authenticated access to the vulnerable Exchange Server is necessary to successfully exploit either of the two vulnerabilities.”
The blog post went on to say that Microsoft was “monitoring these already deployed detections for malicious activity and will take necessary response actions to protect customers.”
Microsoft said it’s now “working on an accelerated timeline to release a fix” but, until then, it provided “mitigations and detections guidance” in order to “help customers protect themselves from these attacks.”
A representative from Microsoft couldn’t be reached by CRN US for additional comment.
Cybersecurity researcher Kevin Beaumont suggested there’s more cyberactivity related to the Exchange vulnerabilities than Microsoft might be acknowledging.
There’s reports emerging that a new zero day exists in Microsoft Exchange, and is being actively exploited in the wild
I can confirm significant numbers of Exchange servers have been backdoored - including a honeypot.
Thread to track issue follows:
— Kevin Beaumont (@GossiTheDog) September 29, 2022
In an interview with CRN US, Martin Zugec, technical solutions director at Bitdiscovery, a cybersecurity vendor, said he’s “not surprised” that bad actors are taking advantage of vulnerabilities in the popular Microsoft Exchange.
“They are looking for targets that are massively deployed,” he said.
He added of cybercriminals in general: “They are going to identify the software components that are deployed massively in all of networks.
They are then deploying these automated scanners to find the vulnerable systems.”