MS Exchange zero-days: The calm before the storm?
2022-10-03 10:24

CVE-2022-41040 and CVE-2022-41082, the two exploited MS Exchange zero-days that still have no official fix, have been added to CISA's Known Exploited Vulnerabilities Catalog.

Mitigating the risk of exploitation until patches are ready will require patience and doggedness, as Microsoft is still revising its advice to admins and network defenders, and still working on the patches.

CVE-2022-41040 and CVE-2022-41082 were publicly documented last Wednesday by researchers with the Vietnamese company GTSC, and Microsoft soon after sprang into action by offering customer guidance, followed by an analysis of the attacks exploiting the two vulnerabilities.

Microsoft says its threat analysts observed "Activity related to a single activity group in August 2022 that achieved initial access and compromised Exchange servers by chaining CVE-2022-41040 and CVE-2022-41082 in a small number of targeted attacks," and that the attackers breached fewer than 10 organizations globally.

Microsoft says, "Prior Exchange vulnerabilities that require authentication have been adopted into the toolkits of attackers who deploy ransomware, and these vulnerabilities are likely to be included in similar attacks due to the highly privileged access Exchange systems confer onto an attacker."

It seems enterprise defenders should expect trouble via this attack path in the near future, so keeping abreast of the changing situation and springing into action as soon as the patches are made available is advised.


News URL

https://www.helpnetsecurity.com/2022/10/03/ms-exchange-cve-2022-41040-cve-2022-41082/

Related Vulnerability

DATE        CVE             VULNERABILITY TITLE                                                                         RISK
2022-10-03  CVE-2022-41082  Deserialization of Untrusted Data vulnerability in Microsoft Exchange Server 2013/2016/2019   8.0
                            (Microsoft Exchange Server Remote Code Execution Vulnerability)
                            attack complexity: low; vendor: microsoft; CWE-502
2022-10-03  CVE-2022-41040  Server-Side Request Forgery (SSRF) vulnerability in Microsoft Exchange Server 2013/2016/2019  8.8
                            (Microsoft Exchange Server Elevation of Privilege Vulnerability)
                            attack vector: network; attack complexity: low; vendor: microsoft; CWE-918