Thursday, December 8, 2022

Microsoft says two new zero-day bugs in Exchange are under active attack, but no immediate fix • londonbusinessblog.com

Shreya Christina, https://londonbusinessblog.com

Microsoft has confirmed that two unpatched zero-day vulnerabilities in Exchange Server are being exploited by cybercriminals in real-world attacks.

Vietnamese cybersecurity company GTSC, which first discovered the flaws during its response to a customer’s cybersecurity incident in August 2022, said the two zero-days have been used in attacks on its customers’ environments dating back to early August 2022.

Microsoft’s Security Response Center (MSRC) said in a blog post late Thursday that the first vulnerability is identified as CVE-2022-41040, a server-side request forgery (SSRF) vulnerability, while the second, identified as CVE-2022-41082, allows remote code execution on a vulnerable server when PowerShell is accessible to the attacker.

“At this point, Microsoft is aware of limited targeted attacks using the two vulnerabilities to get into users’ systems,” the tech giant confirmed.

Microsoft noted that an attacker would need authenticated access to the vulnerable Exchange Server, such as stolen credentials, to successfully exploit either of the two vulnerabilities, which affect on-premise Microsoft Exchange Server 2013, 2016 and 2019.

Microsoft did not share any further details about the attacks and declined to answer our questions. Security firm Trend Micro gave the two vulnerabilities severity ratings of 8.8 and 6.3 out of 10.

However, GTSC reports that cybercriminals have chained the two vulnerabilities together to create backdoors on the victim’s system and also move laterally through the compromised network. “After we mastered the exploit, we recorded attacks to gather intelligence and gain a foothold in the victim’s system,” GTSC said.

GTSC said it suspects a Chinese threat group is responsible for the ongoing attacks because the web shell’s code page uses a character encoding for Simplified Chinese. The attackers also deployed the China Chopper web shell for persistent remote access, a backdoor often used by Chinese state-sponsored hacking groups.

Security researcher Kevin Beaumont, who was one of the first to discuss GTSC’s findings in a series of tweets on Thursday, said he is aware of the vulnerability “actively being exploited in the wild” and that he can “confirm that significant numbers of Exchange servers have been given backdoors.”

Microsoft declined to say when patches would become available, but noted in its blog that the upcoming fix is on an “accelerated timeline.”

Until then, the company recommends that customers follow the temporary mitigations shared by GTSC, which involve adding a block rule in IIS Manager. The company noted that Exchange Online customers do not need to take any action at this time because the zero-days only affect on-premise Exchange servers.

