Microsoft Exchange server zero-day mitigation can be bypassed (Security News, October 2022)
Microsoft has shared mitigations for two new Microsoft Exchange zero-day vulnerabilities tracked as CVE-2022-41040 and CVE-2022-41082, but researchers warn that the mitigation for on-premise servers is far from enough.
Threat actors are already chaining both of these zero-day bugs in active attacks to breach Microsoft Exchange servers and achieve remote code execution.
As part of an advisory, Microsoft shared mitigations for on-premise servers and a strong recommendation for Exchange Server customers to "disable remote PowerShell access for non-admin users" in the organization.
Administrators can achieve the same result by running Microsoft's updated Exchange On-premises Mitigation Tool (EOMT), a script that requires PowerShell 3 or later, must run with admin privileges, and supports IIS 7.5 or newer.
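The per-user setting behind the "disable remote PowerShell access for non-admin users" recommendation is the RemotePowerShellEnabled property, which the Exchange cmdlet Set-User controls. The script below is an added example written for this page, not Microsoft's EOMT script or any code from the advisory. It assumes an on-premises Exchange Management Shell session with rights to run Set-User, and it treats direct membership in the built-in Organization Management role group as the definition of "admin"; organizations with custom or nested role groups need to extend that exclusion set by hand before running it.

```powershell
# Added example (not Microsoft's EOMT tooling): audit and disable remote
# PowerShell for Exchange users who are not administrators.
# Assumptions: run in an on-premises Exchange Management Shell; "administrator"
# means a direct member of the Organization Management role group (nested
# groups and custom role groups are NOT expanded here; add them to $adminDNs).
param(
    [switch]$WhatIfOnly   # report only, change nothing
)

# Exclusion set keyed by distinguished name, so admins keep their access.
$adminDNs = @{}
Get-RoleGroupMember -Identity "Organization Management" -ResultSize Unlimited |
    ForEach-Object { $adminDNs[$_.DistinguishedName] = $true }

# Every user who still has remote PowerShell enabled and is outside the admin set.
$targets = Get-User -ResultSize Unlimited |
    Where-Object { $_.RemotePowerShellEnabled -and -not $adminDNs.ContainsKey($_.DistinguishedName) }

"Non-admin users with RemotePowerShellEnabled: $($targets.Count)"

foreach ($u in $targets) {
    if ($WhatIfOnly) {
        "WOULD DISABLE: $($u.Identity)"
    } else {
        # Setting takes effect for new remote PowerShell sessions of that user.
        Set-User -Identity $u.Identity -RemotePowerShellEnabled $false
        "DISABLED: $($u.Identity)"
    }
}

# Re-check afterwards: anything listed here is a remaining gap to review.
Get-User -ResultSize Unlimited |
    Where-Object { $_.RemotePowerShellEnabled -and -not $adminDNs.ContainsKey($_.DistinguishedName) } |
    Select-Object Name, RecipientType, RemotePowerShellEnabled
```

Run it first with -WhatIfOnly to review the list, since help-desk or service accounts that legitimately use the Exchange Management Shell through custom role groups will show up as non-admins under this simplified definition. Note that this setting only closes the remote PowerShell path described in the advisory; as the article goes on to say, the URL-level mitigation for the SSRF itself was found to be insufficient, so this is one layer, not a fix.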
Jang's finding has been tested by researchers at GTSC, who confirmed in a video today that Microsoft's mitigation does not provide sufficient protection.
CVE-2022-41082 has the same high-severity score but it can be used for remote code execution on vulnerable on-premise Microsoft Exchange Servers by an attacker with "Privileges that provide basic user capabilities".
Related news
- 17,000+ Microsoft Exchange servers in Germany are vulnerable to attack, BSI warns (source)
- Germany warns of 17K vulnerable Microsoft Exchange servers exposed online (source)
- These 17,000 unpatched Microsoft Exchange servers are a ticking time bomb (source)
- DarkGate Malware Exploited Recently Patched Microsoft Flaw in Zero-Day Attack (source)
- Microsoft confirms Windows Server issue behind domain controller crashes (source)
- Microsoft releases emergency fix for Windows Server crashes (source)
- Microsoft confirms memory leak in March Windows Server security update (source)
- Week in review: Backdoor found in XZ utilities, weaponized iMessages, Exchange servers at risk (source)
- Microsoft slammed for lax security that led to China's cyber-raid on Exchange Online (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-10-03 | CVE-2022-41082 | Deserialization of Untrusted Data vulnerability in Microsoft Exchange Server 2013/2016/2019 (Microsoft Exchange Server Remote Code Execution Vulnerability) | 8.0 |
| 2022-10-03 | CVE-2022-41040 | Server-Side Request Forgery (SSRF) vulnerability in Microsoft Exchange Server 2013/2016/2019 (Microsoft Exchange Server Elevation of Privilege Vulnerability) | 8.8 |