Security News > 2022 > October > Mitigation for Exchange Zero-Days Bypassed! Microsoft Issues New Workarounds

Mitigation for Exchange Zero-Days Bypassed! Microsoft Issues New Workarounds
2022-10-05 05:31

Microsoft has revised its mitigation measures for the newly disclosed and actively exploited zero-day flaws in Exchange Server after it was found that they could be trivially bypassed.

The two vulnerabilities, tracked as CVE-2022-41040 and CVE-2022-41082, have been codenamed ProxyNotShell due to similarities to another set of flaws called ProxyShell, which the tech giant resolved last year.

In-the-wild attacks abusing the shortcomings have chained the two flaws to gain remote code execution on compromised servers with elevated privileges, leading to the deployment of web shells.

To reduce the risk of exploitation, the company also shared temporary workarounds that are designed to restrict known attack patterns through a rule in the IIS Manager.

Microsoft has since revised the URL Rewrite rule to take this into account -.

It's not immediately clear when Microsoft plans to push a patch for the two vulnerabilities, but it's possible that they could be shipped as part of Patch Tuesday updates next week on October 11, 2022.


News URL

https://thehackernews.com/2022/10/mitigation-for-exchange-zero-days.html

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2022-10-03 CVE-2022-41082 Deserialization of Untrusted Data vulnerability in Microsoft Exchange Server 2013/2016/2019
Microsoft Exchange Server Remote Code Execution Vulnerability
low complexity
microsoft CWE-502
8.0
2022-10-03 CVE-2022-41040 Server-Side Request Forgery (SSRF) vulnerability in Microsoft Exchange Server 2013/2016/2019
Microsoft Exchange Server Elevation of Privilege Vulnerability
network
low complexity
microsoft CWE-918
8.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Microsoft 480 75 2308 5127 264 7774