Security News > 2022 > September > Microsoft confirms new Exchange zero-days are used in attacks
Microsoft has confirmed that two recently reported zero-day vulnerabilities in Microsoft Exchange Server 2013, 2016, and 2019 are being exploited in the wild.
"At this time, Microsoft is aware of limited targeted attacks using the two vulnerabilities to get into users' systems."
Microsoft Exchange Online Customers do not need to take any action at the moment because the zero-days only impact on-premises Microsoft Exchange instances.
GTSC also suspects that a Chinese threat group might be responsible for the ongoing attacks based on the web shells' code page, a Microsoft character encoding for simplified Chinese.
Redmond has also confirmed mitigation measures shared yesterday by GTSC, whose security researchers also reported the two flaws to Microsoft privately through the Zero Day Initiative three weeks ago.
"On premises Microsoft Exchange customers should review and apply the following URL Rewrite Instructions and block exposed Remote PowerShell ports," Microsoft added.
News URL
Related news
- Microsoft patches Windows zero-day exploited in attacks on Ukraine (source)
- Rackspace monitoring data stolen in ScienceLogic zero-day attack (source)
- DOJ, Microsoft seize 107 domains used in Russia's Star Blizzard phishing attacks (source)
- Microsoft and DOJ disrupt Russian FSB hackers' attack infrastructure (source)
- Qualcomm patches high-severity zero-day exploited in attacks (source)
- Ivanti warns of three more CSA zero-days exploited in attacks (source)
- Microsoft October 2024 Patch Tuesday fixes 5 zero-days, 118 flaws (source)
- Microsoft patches two zero-days exploited in the wild (CVE-2024-43573, CVE-2024-43572) (source)
- Microsoft issues 117 patches – some for flaws already under attack (source)
- Microsoft Detects Growing Use of File Hosting Services in Business Email Compromise Attacks (source)