Microsoft confirms new Exchange zero-days are used in attacks
Security News, September 2022
Microsoft has confirmed that two recently reported zero-day vulnerabilities in Microsoft Exchange Server 2013, 2016, and 2019 are being exploited in the wild.
"At this time, Microsoft is aware of limited targeted attacks using the two vulnerabilities to get into users' systems."
Microsoft Exchange Online customers do not need to take any action at the moment because the zero-days only impact on-premises Microsoft Exchange instances.
GTSC also suspects that a Chinese threat group might be responsible for the ongoing attacks based on the web shells' code page, a Microsoft character encoding for simplified Chinese.
Redmond has also confirmed mitigation measures shared yesterday by GTSC, whose security researchers also reported the two flaws to Microsoft privately through the Zero Day Initiative three weeks ago.
"On premises Microsoft Exchange customers should review and apply the following URL Rewrite Instructions and block exposed Remote PowerShell ports," Microsoft added.