Security News > 2022 > September > Two Microsoft Exchange zero-days exploited by attackers (CVE-2022-41040, CVE-2022-41082)

Two Microsoft Exchange zero-days exploited by attackers (CVE-2022-41040, CVE-2022-41082)
2022-09-30 09:47

Attackers are leveraging two zero-day vulnerabilities to breach Microsoft Exchange servers.

"At this time, Microsoft is aware of limited targeted attacks using the two vulnerabilities to get into users' systems. In these attacks, CVE-2022-41040 can enable an authenticated attacker to remotely trigger CVE-2022-41082. It should be noted that authenticated access to the vulnerable Exchange Server is necessary to successfully exploit either of the two vulnerabilities."

"Microsoft Exchange Online has detections and mitigation in place to protect customers," Microsoft said, but urged admins of on-prem installations of Exchange Server to implement mitigations, which include adding a blocking rule and blocking some ports.

GTSC's researchers initially thought that the attackers were exploiting the ProxyShell vulnerability, but further analysis proved that the targeted MS Exchange servers were up-to-date with the patches, so the theory of ProxyShell being exploited was discarded.

GTSC's researchers discovered the attacks at the beginning of August, and say that the attackers ultimate goal was to "Create backdoors on the affected system and perform lateral movements to other servers in the system."

"A quick sweep of the internet suggests a lot of organisations haven't yet patched for ProxyShell, which is understandable given how Exchange patching works," Beaumont noted, and found that there are nearly 250,000 vulnerable Exchange servers exposed on the internet.


News URL

https://www.helpnetsecurity.com/2022/09/30/cve-2022-41040-cve-2022-41082/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2022-10-03 CVE-2022-41082 Deserialization of Untrusted Data vulnerability in Microsoft Exchange Server 2013/2016/2019
Microsoft Exchange Server Remote Code Execution Vulnerability
0.0
2022-10-03 CVE-2022-41040 Server-Side Request Forgery (SSRF) vulnerability in Microsoft Exchange Server 2013/2016/2019
Microsoft Exchange Server Elevation of Privilege Vulnerability
0.0

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Microsoft 365 50 1369 2819 161 4399