The Microsoft Exchange Server CVE-2022-41040 and CVE-2022-41082 vulnerabilities surfaced a few days back, and the company has already confirmed that attackers are exploiting these zero-day issues. The security team at the Redmond-based tech establishment has yet to fix the flaws in the code, which were first confirmed on September 29.
Until the company comes up with a proper fix for the exploits, the team is rolling out a few mitigations as part of its customer guidance program to slow down the attackers' progress.
On October 2, the security team passed out a mitigation urging Microsoft Exchange Server users to disable remote PowerShell access for non-admin users. Apart from this, the company has also rolled out a URL Rewrite mitigation and other options that could break the attack chains adopted by the hackers.
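The following PowerShell script is an added example, not code from the article or from Microsoft's guidance, showing how an Exchange administrator could carry out the first of those mitigations: reporting on, and optionally disabling, remote PowerShell for every user who is not a member of an administrative role group. It assumes an Exchange Management Shell session on an on-premises Exchange 2013/2016/2019 server, and the list of role groups treated as "admin" is an assumption that should be adjusted to the environment.

```powershell
# Added example (not from the article or Microsoft): disable remote PowerShell
# for non-admin users as an interim mitigation. Run from the Exchange
# Management Shell. Without -Apply the script only reports what it would change.
param(
    # Assumption: members of these role groups are the administrators that must
    # keep remote PowerShell. Extend this list to match your environment.
    [string[]]$AdminRoleGroups = @('Organization Management', 'Server Management', 'Recipient Management'),
    [switch]$Apply
)

# Build a lookup of administrator distinguished names so they are never touched.
$adminIds = @{}
foreach ($group in $AdminRoleGroups) {
    Get-RoleGroupMember -Identity $group -ErrorAction SilentlyContinue | ForEach-Object {
        $adminIds[$_.DistinguishedName] = $true
    }
}

# Users who currently have remote PowerShell enabled and are not administrators.
$candidates = Get-User -ResultSize Unlimited |
    Where-Object { $_.RemotePowerShellEnabled -and -not $adminIds.ContainsKey($_.DistinguishedName) }

Write-Output ("Found {0} non-admin user(s) with remote PowerShell enabled." -f @($candidates).Count)

foreach ($u in $candidates) {
    if ($Apply) {
        # Revoke remote PowerShell access for this user.
        Set-User -Identity $u.Identity -RemotePowerShellEnabled $false
        Write-Output "Disabled remote PowerShell for $($u.UserPrincipalName)"
    } else {
        Write-Output "Would disable remote PowerShell for $($u.UserPrincipalName) (re-run with -Apply)"
    }
}

# Verification pass: anything still enabled outside the admin set is a gap to review.
if ($Apply) {
    $remaining = Get-User -ResultSize Unlimited |
        Where-Object { $_.RemotePowerShellEnabled -and -not $adminIds.ContainsKey($_.DistinguishedName) }
    Write-Output ("Remaining non-admin users with remote PowerShell enabled: {0}" -f @($remaining).Count)
}
```

Run it once without `-Apply` to review the list, confirm that every account you expect to keep shell access is covered by `$AdminRoleGroups`, then run it again with `-Apply`. Because the change is per user, newly created accounts will need the same treatment until a patch is installed.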
What are the Microsoft Exchange Server vulnerabilities and whom are they currently affecting?
The reported vulnerabilities have been spotted in Microsoft Exchange Server 2019, 2016, and 2013. The first of the two, CVE-2022-41040, is a Server-Side Request Forgery (SSRF) issue.
The Microsoft security team has identified the other vulnerability, CVE-2022-41082, as a Remote Code Execution (RCE) issue. This exploit lets attackers run commands remotely once PowerShell is accessible to them.
The first exploit can be used to trigger the second. On the bright side, however, attackers need authenticated access to the Exchange Server.
Unfortunately, authenticated access can be gained via phishing attacks and brute-force attacks against servers. Accounts with such access are also available for purchase on underground hacker forums on the dark web.
The security team is still working on a patch to solve the potential vulnerabilities. In a blog post, the Security Response Center at Microsoft said the following:
"Microsoft Exchange Online has detections and mitigations to protect customers. As always, Microsoft is monitoring these detections for malicious activity and we’ll respond accordingly if necessary to protect customers."
Who needs to take the steps to prevent attackers from stealing critical information?
Until Microsoft releases a patch to resolve the issue, users will have to manually apply some of the mitigations outlined by the MSRC to stop probable attacks. The company has confirmed that it is working on a fix and that applying the mitigations will have no effect on the normal functioning of the services.
The steps for applying these mitigations are outlined in a blog post from the MSRC team. The team is constantly updating the post with new mitigations, updates, and instructions regarding the issue.
However, it is worth noting that Exchange Online customers do not have to take any action; they can continue with regular usage.
The discovered Exchange Server vulnerabilities are quite dangerous, to say the least. Microsoft should implement a patch as soon as possible.