Microsoft identifies two zero-day vulnerabilities: the first triggers the second and they are being exploited

Microsoft Security Response Center – MICROSOFT

Microsoft is investigating two zero-day vulnerabilities in Exchange that are reportedly being targeted in several attacks, and has said it is working on a patch to fix them.

The two vulnerabilities affect Microsoft Exchange Server 2013, 2016 and 2019. They are classed as zero-day, that is, they were discovered by cybercriminals before the service provider and do not yet have a fix.

The first has been registered as CVE-2022-41040, a server-side request forgery (SSRF) vulnerability, while the second, CVE-2022-41082, would allow remote code execution when the attacker can access PowerShell.

The tech company highlights on the Security Response Center blog that the first vulnerability would allow the attacker to authenticate to the system and remotely trigger the second. Microsoft has also acknowledged that it has detected targeted attacks exploiting both vulnerabilities.

There is currently no fix for the vulnerabilities, but Microsoft says it is working on one and, in the meantime, relies on its systems to detect and mitigate malicious activity that could affect its customers.

In August, the security firm GTSC identified an infrastructure that was being attacked by exploiting the vulnerabilities Microsoft is now reviewing, as reported by TechCrunch.

In their analysis, GTSC researchers explain that while they were able to mitigate the attack for this client, “the attack team also used various techniques to create back doors in the affected system and perform lateral movements to other servers in the system.”

Source: Europa Press
