Microsoft issues advisory about two 0-day vulnerabilities in Exchange Server, no fix yet

Microsoft Exchange Server just can't seem to catch a break. Last year, Microsoft warned about widespread attacks on on-premises servers and rushed to publish mitigations and security updates within weeks. Now the software is once again under attack, this time through two 0-day vulnerabilities.


As is usually the case, Exchange Online customers are not affected and need take no action. The vulnerabilities affect on-premises installations of Exchange Server 2013, 2016, and 2019, which includes the on-premises servers in hybrid deployments.

The two vulnerabilities are tracked as CVE-2022-41040 and CVE-2022-41082. The former is a server-side request forgery (SSRF) flaw; the latter allows remote code execution (RCE) when PowerShell is reachable by the attacker, and the SSRF can be used by an authenticated attacker to trigger it. That said, an attacker needs authenticated access to the Exchange Server to leverage either vulnerability, so a valid set of credentials is part of the attack chain.

Since there is no patch available yet, Microsoft understandably hasn't gone into the details of the attack chain. It has, however, published two mitigations: a request-blocking rule in the IIS URL Rewrite module on the Exchange front end, and blocking ports 5985 (HTTP) and 5986 (HTTPS), which are used by Remote PowerShell, so that non-admin users cannot reach it. The port block is a blunt instrument: it also cuts off legitimate remote PowerShell sessions to the server over those ports, so scope it to the clients that should lose access.

Unfortunately, there are no hunting queries specific to these bugs for Microsoft Sentinel yet, and Microsoft Defender for Endpoint can only detect post-exploitation activity, which does include the "Chopper" web shell seen in in-the-wild attacks. Microsoft has assured customers that it is working on an "accelerated timeline" for a fix, but has not disclosed a tentative patch release date. Further details on the mitigations and detections for the two 0-days are in Microsoft's customer guidance.
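The two paragraphs above describe the mitigations (URL Rewrite rule, Remote PowerShell ports) and the thin detection coverage. The script below is an added example written for this article, not Microsoft's guidance script, and it does two things: it creates Windows Firewall block rules for ports 5985 and 5986 (dry-run unless `-Apply` is given), and it hunts the Exchange front-end IIS logs for requests matching the URI pattern Microsoft's original URL Rewrite rule blocked, `autodiscover.json` followed by `@` and `Powershell` in the request URI (Microsoft later broadened that pattern, so treat a match as a floor, not a complete detection). Assumptions: a Windows Server with the NetSecurity module and IIS W3C logging, a default IIS log root under `%SystemDrive%\inetpub\logs\LogFiles`, and the function names `Block-RemotePowerShellPorts` and `Find-SuspiciousAutodiscoverRequests`, which are this example's own. The log lines it runs against are constructed for the demo, not captured traffic.

```powershell
# Added example for this article (not Microsoft's script). Assumes Windows Server with the
# NetSecurity module (Windows Firewall) and IIS W3C logging on the Exchange front end.
[CmdletBinding()]
param(
    [switch]$Apply,                                                   # without -Apply, firewall changes run with -WhatIf
    [string]$IisLogDir = "$env:SystemDrive\inetpub\logs\LogFiles"     # assumed default IIS log root
)

# --- Mitigation: block the Remote PowerShell ports Microsoft lists (5985 HTTP, 5986 HTTPS).
# Caveat: a block rule applies to every client, including admins who use remote PowerShell
# to this server; add -RemoteAddress to restrict it if that matters in your environment.
function Block-RemotePowerShellPorts {
    param([switch]$Apply)
    $ports = [ordered]@{ 5985 = 'HTTP'; 5986 = 'HTTPS' }
    foreach ($p in $ports.GetEnumerator()) {
        $name = "Block Remote PowerShell $($p.Value) $($p.Key)"
        if (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue) {
            Write-Verbose "$name already exists"
            continue
        }
        New-NetFirewallRule -DisplayName $name -Direction Inbound -Protocol TCP `
            -LocalPort $p.Key -Action Block -WhatIf:(-not $Apply)
    }
}

# --- Detection: hunt IIS logs for requests that the URL Rewrite rule would have blocked.
# This is the shape of Microsoft's original pattern (autodiscover.json ... @ ... Powershell),
# matched case-insensitively against stem + query, i.e. what URL Rewrite sees as {REQUEST_URI}.
$Script:SuspiciousUriPattern = 'autodiscover\.json.*@.*powershell'

function Find-SuspiciousAutodiscoverRequests {
    param([Parameter(Mandatory)][string]$LogDir)
    foreach ($file in Get-ChildItem -Path $LogDir -Recurse -Filter '*.log' -ErrorAction SilentlyContinue) {
        $fields = @()
        foreach ($line in Get-Content -Path $file.FullName) {
            # The W3C "#Fields:" header defines the column order for the lines that follow it.
            if ($line.StartsWith('#Fields:')) { $fields = $line.Substring(8).Trim() -split ' '; continue }
            if ($line.StartsWith('#') -or $fields.Count -eq 0) { continue }
            $values = $line -split ' '
            $row = @{}
            for ($i = 0; $i -lt $fields.Count -and $i -lt $values.Count; $i++) { $row[$fields[$i]] = $values[$i] }
            # Decode percent-encoding first so an encoded '@' (%40) cannot slip past the pattern.
            $uri = [System.Uri]::UnescapeDataString("$($row['cs-uri-stem'])?$($row['cs-uri-query'])")
            if ($uri -match $Script:SuspiciousUriPattern) {           # -match is case-insensitive by default
                [pscustomobject]@{
                    File     = $file.Name
                    Time     = "$($row['date']) $($row['time'])"
                    ClientIP = $row['c-ip']
                    Uri      = $uri
                    Status   = $row['sc-status']
                }
            }
        }
    }
}

# --- Demo on a constructed log (not real traffic): one request in the shape the rewrite rule
# targets and one ordinary OWA logon request. Real logs live under $IisLogDir.
$demoDir = Join-Path $env:TEMP 'exchange-iis-demo'
New-Item -ItemType Directory -Path $demoDir -Force | Out-Null
@'
#Software: Microsoft Internet Information Services 10.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) cs(Referer) sc-status sc-substatus sc-win32-status time-taken
2022-09-30 08:15:42 10.0.0.10 GET /autodiscover/autodiscover.json @contoso.example/PowerShell 443 - 203.0.113.25 Mozilla/5.0 - 200 0 0 120
2022-09-30 08:16:01 10.0.0.10 GET /owa/auth/logon.aspx - 443 - 198.51.100.8 Mozilla/5.0 - 200 0 0 15
'@ | Set-Content -Path (Join-Path $demoDir 'u_ex220930.log')

# Only the first constructed request should be reported.
Find-SuspiciousAutodiscoverRequests -LogDir $demoDir | Format-Table -AutoSize

# Firewall mitigation: shows the rules it would create; re-run with -Apply to create them.
Block-RemotePowerShellPorts -Apply:$Apply
```

To hunt real traffic, point `Find-SuspiciousAutodiscoverRequests` at the Exchange front-end log folder (for example `-LogDir "$IisLogDir\W3SVC1"`) and review every hit with status 200: a blocked request from the rewrite rule would not return 200, so successful matches dated before the rule was added are the ones worth triaging.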
