Stop us if you've heard this one before: Exchange Server zero-days actively exploited

Security researchers have warned a zero-day flaw in Microsoft's Exchange server is being actively exploited.
A second flaw, ZDI-CAN-18802, is rated 6.3/10. Details of the flaws are scanty, with GTSC's post detailing its observations of webshells with Chinese characteristics being dropped onto Exchange servers. Those webshells then "injects malicious DLLs into the memory, drops suspicious files on the attacked servers, and executes these files through the Windows Management Instrumentation Command line."
There's reports emerging that a new zero day exists in Microsoft Exchange, and is being actively exploited in the wild. I can confirm significant numbers of Exchange servers have been backdoored - including a honeypot.
Scarcely a month passes without Microsoft finding other Exchange flaws felt worthy of a Patch Tuesday patch, but the software giant has also recently pledged to improve the server's security by adopting zero-trust principles for connections to the product.
News URL
https://go.theregister.com/feed/www.theregister.com/2022/09/30/exchange_server_zero_day/