Microsoft confirmed this Thursday (29) the existence of two vulnerabilities in Exchange Server. Both flaws are already being used in attacks by hackers and cybercriminals. The company says a fix is being developed on an “accelerated schedule” but has not set a date for its release.
The flaws were discovered by Vietnamese cybersecurity firm GTSC. The company was working in response to an incident reported by a customer in August 2022 when it identified the vulnerabilities.
One of the flaws was assigned CVE-2022-41040; it is a server-side request forgery (SSRF) vulnerability. The other, CVE-2022-41082, allows an attacker with access to PowerShell to execute code remotely.
Microsoft says bad actors need authenticated access, such as stolen credentials, to take advantage of the vulnerabilities. They affect on-premises servers running Exchange 2013, 2016, and 2019.
GTSC, however, reports that cybercriminals were able to chain the two flaws and move laterally through the network, using a compromised machine to gain access to other connected ones.
Security company Trend Micro rated the vulnerability severity at 8.8 and 6.3, on a scale from zero to ten, with ten being the most severe.
Microsoft hasn’t released a fix yet.
Microsoft Exchange is a corporate email service that companies can install on their own servers.
Despite acknowledging the flaws, Microsoft has so far only made mitigations and detections available so that customers can protect themselves from the vulnerabilities.
The company says it is working on an “accelerated schedule” to release the fix.
Microsoft’s suggested mitigation walkthrough is available on the Microsoft Security Response Center blog.
For detection, the company suggests its own Sentinel, Defender for Endpoint, and Defender Antivirus tools.
Chinese hackers may be behind attacks
GTSC suspects that a Chinese group may be behind the attacks suffered by its customers.
One reason for this is that the webshell’s codepage uses an encoding for Chinese characters.
In addition, the attackers used the China Chopper webshell, common in Chinese state-supported attacks.
With information from Microsoft Security Response Center and TechCrunch.