
Microsoft Exchange server zero-day mitigation can be bypassed
2022-10-03 14:21

Microsoft has shared mitigations for two new Microsoft Exchange zero-day vulnerabilities tracked as CVE-2022-41040 and CVE-2022-41082, but researchers warn that the mitigation for on-premise servers is far from enough.

Threat actors are already chaining both of these zero-day bugs in active attacks to breach Microsoft Exchange servers and achieve remote code execution.

As part of an advisory, Microsoft shared mitigations for on-premise servers and a strong recommendation for Exchange Server customers to "disable remote PowerShell access for non-admin users" in the organization.

Administrators can achieve the same result by running Microsoft's updated Exchange On-premises Mitigation Tool - a script that requires PowerShell 3 or later, needs to run with admin privileges, and runs on IIS 7.5 or newer.
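The per-user mitigation Microsoft recommends above can be audited and applied with a short script. The following PowerShell is an added example; it is not code from the article, from Microsoft's advisory, or from the Exchange On-premises Mitigation Tool. It assumes it is run in the Exchange Management Shell on an on-premises server by an account with Organization Management rights, it assumes that "admin" means membership of the Organization Management role group (adjust $AdminRoleGroups for your environment), and it uses Set-User -RemotePowerShellEnabled, the per-user switch Microsoft documents for controlling remote PowerShell access.

```powershell
# Added example (not from the article, Microsoft's advisory, or the EOMT script).
# Assumes the Exchange Management Shell on an on-premises Exchange server.
# Assumption: "admin" = member of the role groups listed in $AdminRoleGroups.
param(
    [switch]$Enforce   # without -Enforce the script only reports, it changes nothing
)

$AdminRoleGroups = @('Organization Management')   # assumption: adjust to your admin model

# Collect the distinguished names of users who should keep remote PowerShell access.
# Note: nested groups inside a role group are not expanded here; expand them if you use nesting.
$adminIds = @{}
foreach ($group in $AdminRoleGroups) {
    Get-RoleGroupMember -Identity $group -ResultSize Unlimited | ForEach-Object {
        $adminIds[$_.DistinguishedName] = $true
    }
}

# Every user who can still open a remote PowerShell session to Exchange and is not an admin.
$exposed = @(Get-User -ResultSize Unlimited |
    Where-Object { $_.RemotePowerShellEnabled -and -not $adminIds.ContainsKey($_.DistinguishedName) })

Write-Host ("Non-admin users with remote PowerShell enabled: {0}" -f $exposed.Count)
$exposed | Select-Object DisplayName, UserPrincipalName, RecipientTypeDetails | Format-Table -AutoSize

if ($Enforce) {
    foreach ($u in $exposed) {
        # Microsoft's documented per-user switch for revoking remote PowerShell access.
        Set-User -Identity $u.Identity -RemotePowerShellEnabled $false
        Write-Host ("Disabled remote PowerShell for {0}" -f $u.UserPrincipalName)
    }
}
```

Run it first without -Enforce to review the list, then with -Enforce to apply the change. As the article notes, this mitigation reduces what a compromised non-admin account can reach; it does not remove the underlying vulnerabilities, so it is a stopgap until the servers are patched.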

Jang's finding has been tested by researchers at GTSC, who confirmed in a video today that Microsoft's mitigation does not provide sufficient protection.

CVE-2022-41082 has the same high-severity score but it can be used for remote code execution on vulnerable on-premise Microsoft Exchange Servers by an attacker with "Privileges that provide basic user capabilities".


News URL

https://www.bleepingcomputer.com/news/security/microsoft-exchange-server-zero-day-mitigation-can-be-bypassed/

Related Vulnerability

DATE        CVE             VULNERABILITY TITLE                                                                        RISK
2022-10-03  CVE-2022-41082  Deserialization of Untrusted Data vulnerability in Microsoft Exchange Server 2013/2016/2019  8.0
                            (Microsoft Exchange Server Remote Code Execution Vulnerability; low complexity; microsoft; CWE-502)
2022-10-03  CVE-2022-41040  Server-Side Request Forgery (SSRF) vulnerability in Microsoft Exchange Server 2013/2016/2019  8.8
                            (Microsoft Exchange Server Elevation of Privilege Vulnerability; network; low complexity; microsoft; CWE-918)

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Microsoft 480 75 2308 5127 264 7774