Microsoft Exchange zero-day flaws expose 22,000 servers

October 11, 2022

Microsoft has announced that two critical vulnerabilities in its Exchange application are being exploited by attackers. The company also explained that more than 22,000 servers worldwide are affected.

“At this time, Microsoft is aware of limited targeted attacks using the two vulnerabilities to get into users’ systems. In these attacks, CVE-2022-41040 can enable an authenticated attacker to remotely trigger CVE-2022-41082,” members of the Microsoft Security Response Center team wrote.

The new vulnerabilities include CVE-2022-41040, a server-side request forgery vulnerability, and CVE-2022-41082, which allows remote code execution when PowerShell is accessible to the attacker.

The vulnerabilities affect on-premises Exchange servers, not Microsoft’s hosted Exchange service. However, many companies that use Microsoft’s cloud offering do so in a hybrid configuration that mixes on-premises and cloud servers.

According to GTSC, attackers are exploiting the zero-days to install webshells on servers, giving them a text interface through which they can issue commands. The company said the webshells contain simplified Chinese characters, suggesting that the hackers are fluent in Chinese.

The commands issued also bear the signature of China Chopper, a webshell commonly used by Chinese-speaking threat actors, including advanced persistent threat groups backed by the People’s Republic of China.

The installed malware emulates Microsoft’s Exchange Web Services and connects to the IP address 137[.]184[.]67[.]33, which is stored encrypted in the binary.

The malware then sends and receives data encrypted with an RC4 key that is generated at runtime.

Everyone running on-premises Exchange servers is advised to take immediate action by applying a blocking rule that stops the servers from accepting the known attack patterns. The rule is applied under ‘IIS Manager > Default Web Site > URL Rewrite > Actions’.

Microsoft also recommends that users block HTTP port 5986, which attackers must be able to reach in order to exploit CVE-2022-41082. Companies should also adopt further security measures to keep their servers from being exploited.
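A check that complements the mitigations above, added here as an example and not taken from the article or from Microsoft’s own tooling: parse an Exchange server’s IIS W3C logs and flag requests to the Autodiscover JSON endpoint whose query string carries `powershell` and an `@` and that were answered with HTTP 200. That request signature is the one Microsoft’s public guidance told administrators to look for in IIS logs; treat it as an assumption of this example rather than something the page states. The log excerpt is constructed for the example, not real traffic.

```python
from typing import Dict, List

# Constructed IIS W3C log excerpt for this example; not real traffic.
# IIS writes cs(User-Agent) with spaces encoded as '+', so splitting on a
# single space yields one value per field.
SAMPLE_IIS_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus time-taken
2022-09-30 08:14:02 10.0.0.5 POST /owa/auth.owa - 443 - 198.51.100.7 Mozilla/5.0 200 0 120
2022-09-30 08:15:10 10.0.0.5 POST /autodiscover/autodiscover.json a=@example.invalid&Protocol=Powershell 443 CONTOSO\\jdoe 203.0.113.9 python-requests/2.28 200 0 331
2022-09-30 08:15:11 10.0.0.5 POST /autodiscover/autodiscover.json a=@example.invalid&Protocol=Powershell 443 - 203.0.113.9 python-requests/2.28 401 1 15
2022-09-30 08:16:40 10.0.0.5 GET /autodiscover/autodiscover.json - 443 - 198.51.100.8 Mozilla/5.0 200 0 44
"""


def parse_iis_log(text: str) -> List[Dict[str, str]]:
    """Parse W3C extended log text into one dict per request.

    The column layout is read from the '#Fields:' directive, so the parser
    follows whatever logging fields the server was configured with. Lines
    whose column count does not match the header are kept under a
    '_malformed' key instead of being silently dropped.
    """
    fields: List[str] = []
    rows: List[Dict[str, str]] = []
    for line in text.splitlines():
        if not line.strip():
            continue
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if line.startswith("#"):  # other directives: #Software, #Date, ...
            continue
        values = line.split(" ")
        if not fields or len(values) != len(fields):
            rows.append({"_malformed": line})
            continue
        rows.append(dict(zip(fields, values)))
    return rows


def is_proxynotshell_pattern(row: Dict[str, str]) -> bool:
    """True when a parsed request matches the indicator set (assumed from
    Microsoft's public guidance): Autodiscover JSON endpoint, 'powershell'
    and '@' in the query string, and a successful 200 response. Matching is
    case-insensitive because IIS preserves the client's casing."""
    if "_malformed" in row:
        return False
    stem = row.get("cs-uri-stem", "").lower()
    query = row.get("cs-uri-query", "").lower()
    return (
        stem.endswith("/autodiscover.json")
        and "powershell" in query
        and "@" in query
        and row.get("sc-status") == "200"
    )


def flag_suspicious_requests(log_text: str) -> List[Dict[str, str]]:
    """Parse the log and return only the rows that merit analyst attention."""
    return [row for row in parse_iis_log(log_text) if is_proxynotshell_pattern(row)]


if __name__ == "__main__":
    for hit in flag_suspicious_requests(SAMPLE_IIS_LOG):
        print(f"{hit['date']} {hit['time']} {hit['c-ip']} {hit['cs-username']} "
              f"{hit['cs-uri-stem']}?{hit['cs-uri-query']} -> {hit['sc-status']}")
```

On the constructed excerpt only the 08:15:10 request is flagged: the 401 a second later is the same client failing authentication, which the published indicator deliberately leaves out because the chain requires an authenticated request. Widen the status check if failed attempts are also of interest, and point the parser at the real log directory rather than the embedded sample when running it on a server.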

The sources for this piece include an article in ArsTechnica.

Publisher: TuxCare
