[MART] - Daily Diary #606 - Two New Vulnerabilities Disclosed in Microsoft Exchange

ctas-mat at appgate.com ctas-mat at appgate.com
Fri Sep 30 21:38:06 UTC 2022


I hope everyone is doing well!

Below is the entry for today.

09/30/2022 - Diary entry #606:

This week, Microsoft confirmed two new zero-day vulnerabilities in the Microsoft Exchange server being exploited in the wild. The vulnerabilities affect on-premises versions of Microsoft Exchange Server 2013, 2016, and 2019.

The first vulnerability, tracked under CVE-2022-41040, is an authenticated Server-Side Request Forgery (SSRF) vulnerability. Without many technical details published, the exploitation of this vulnerability allows privilege escalation.

The second, tracked under CVE-2022-41082, is an authenticated RCE vulnerability, allowing authenticated users to execute code in the compromised server by making a request with a special crafted string to enable remote PowerShell.

Until a security update that addresses this vulnerability is available, it's recommended that system administrators add the string “.autodiscover.json. at .Powershell.“ to Request Blocking on the Exchange front-end and blocking the ports 5985 and 5986, used for remote PowerShell.

When compared to the Proxy-Shell vulnerability, this one has the downside of needing an authenticated user to be able to exploit it - making it less probable to be exploited. Nevertheless, we highly recommend any organization using on-premises exchange servers to apply the remediation patches, and keep the appliance always up-to-date and in a segmented network, minimizing the impact of any incident in that server.

Kind Regards,


[https://d3aafpijpsak2t.cloudfront.net/images/Signature/likedin@2x.png]<https://www.linkedin.com/company/appgate-security/>     [https://d3aafpijpsak2t.cloudfront.net/images/Signature/twitter@2x.png] <https://twitter.com/AppgateSecurity>   [https://d3aafpijpsak2t.cloudfront.net/images/Signature/youtube@2x.png] <https://www.youtube.com/channel/UC-8GvxcZbm-R3EJNl8jYjiQ>


Malware Analysis and Research Team

E: <mailto:felipe.tarijon at appgate.com> ctas-mat at appgate.com<mailto:ctas-mat at appgate.com>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.immunityinc.com/pipermail/mart/attachments/20220930/2d9de300/attachment.htm>

More information about the MART mailing list