Security On-Demand Received Top #21 Global Ranking in the 2022 MSP501 List. See the list here

Threat Advisory: Microsoft Exchange Server-Zero Day Vulnerabilities

Event Summary

Two Zero-Day vulnerabilities (previously undisclosed but now linked to  CVE-2022-41040 & CVE-2022-41082)  are currently exploited by attackers to get Authorized RCE access on Microsoft Exchange Servers (2013, 2016 and 2019)

Details

Product Affected Vulnerable Version CVE-CVSS Associated Risk / Details for vulnerability Recommendations
MS Exchange Server 2013 – 2016 – 2019 CVE-2022-41040

CVE-2022-41082

 

Authenticated server-side request forgery vulnerability in Microsoft Exchange Servers (2022-41040) with a CVSSv3 score of 6.6 and authenticated remote code execution vulnerability (2022-41082) assigned a CVSSv3 score of 8.8 The current Exchange Server mitigation is to add a blocking rule in “IIS Manager -> Default Web Site -> URL Rewrite -> Actions” to block the known attack patterns. Exchange Server customers should review and choose only one of the following three mitigation options.

 

SOD Actions

The Security On-Demand Threat Recon Unit will continue to monitor these events and provide relevant updates. At this time, SOD recommends applying vendor recommendations and actions immediately.

SOD Threat Recon Unit will also keep track of any exploitation tool or PoC (Proof of Concept) that could leverage the usage of those vulnerabilities to exploit systems actively. Information about new IoCs and IoAs will be included proactively as part of the monitoring mechanism included on Threat Watch on their multiple service tiers.

Please contact your Security On-Demand Customer Success Manager if you have any questions about this alert.

Resources

https://msrc-blog.microsoft.com/2022/09/29/customer-guidance-for-reported-zero-day-vulnerabilities-in-microsoft-exchange-server/ – Microsoft Advisory

Vulnerabilities reported:

 

RECOMMENDED POSTS

High-Severity Flaws in Juniper Junos OS

(CVE-2022-22241, CVE-2022-22242, CVE-2022-22243, CVE-2022-22244, CVE-2022-22245, CVE-2022-22246) Event Summary Multiple high-severity security flaws have been disclosed as affecting Juniper Networks devices (J-Web component of Juniper Networks

Read More