[MART] - Daily Diary #606 - Two New Vulnerabilities Disclosed in Microsoft Exchange
ctas-mat at appgate.com
ctas-mat at appgate.com
Fri Sep 30 21:38:06 UTC 2022
Hello,
I hope everyone is doing well!
Below is the entry for today.
09/30/2022 - Diary entry #606:
This week, Microsoft confirmed two new zero-day vulnerabilities in the Microsoft Exchange server being exploited in the wild. The vulnerabilities affect on-premises versions of Microsoft Exchange Server 2013, 2016, and 2019.
The first vulnerability, tracked under CVE-2022-41040, is an authenticated Server-Side Request Forgery (SSRF) vulnerability. Without many technical details published, the exploitation of this vulnerability allows privilege escalation.
The second, tracked under CVE-2022-41082, is an authenticated RCE vulnerability, allowing authenticated users to execute code in the compromised server by making a request with a special crafted string to enable remote PowerShell.
Until a security update that addresses this vulnerability is available, it's recommended that system administrators add the string “.autodiscover.json. at .Powershell.“ to Request Blocking on the Exchange front-end and blocking the ports 5985 and 5986, used for remote PowerShell.
When compared to the Proxy-Shell vulnerability, this one has the downside of needing an authenticated user to be able to exploit it - making it less probable to be exploited. Nevertheless, we highly recommend any organization using on-premises exchange servers to apply the remediation patches, and keep the appliance always up-to-date and in a segmented network, minimizing the impact of any incident in that server.
Kind Regards,
[https://d3aafpijpsak2t.cloudfront.net/images/Signature/logo@2x.png]<https://www.appgate.com/>
[https://d3aafpijpsak2t.cloudfront.net/images/Signature/likedin@2x.png]<https://www.linkedin.com/company/appgate-security/> [https://d3aafpijpsak2t.cloudfront.net/images/Signature/twitter@2x.png] <https://twitter.com/AppgateSecurity> [https://d3aafpijpsak2t.cloudfront.net/images/Signature/youtube@2x.png] <https://www.youtube.com/channel/UC-8GvxcZbm-R3EJNl8jYjiQ>
MART
Malware Analysis and Research Team
Appgate
E: <mailto:felipe.tarijon at appgate.com> ctas-mat at appgate.com<mailto:ctas-mat at appgate.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.immunityinc.com/pipermail/mart/attachments/20220930/2d9de300/attachment.htm>
More information about the MART
mailing list