30 Sep. (Portaltic/EP) –
microsoft is investigating two zero-day vulnerabilities in Exchange that they would currently be the target of several attacks, for which reason it has ensured that it is working on a patch that will solve them.
The two vulnerabilities affect Microsoft Exchange Server 2013, 2016 and 2019, identified as zero-day, that is, it has been Discovered by cybercriminals before the provider of the service and still does not have a solution.
The first of them has been registered as CVE-2022-41040, as a server-side request forgery (SSRF) vulnerability, while the second, CVE-2022-41082, would allow remote code execution when the attacker can access PowerShell.
What the technology company highlights in the blog of the Security Response Center is that the first vulnerability would allow the attacker to authenticate to the system to remotely activate the second. Microsoft has also acknowledged that it has detected targeted attacks against both vulnerabilities.
There is currently no fix for the vulnerability, but Microsoft says it is working on it and, in the meantime, trusts its systems to detect and mitigate malicious activity that could affect its customers.
signature of GTSC security identified in August an infrastructure that was being attacked taking advantage of the vulnerabilities that Microsoft reviews, as collected in TechCrunch.
In their analysis, GTSC researchers explain that while they were able to mitigate it for this client, “the attack team also used various techniques to create back doors in the affected system and perform lateral movements to other servers in the system.