Microsoft Exchange Zero-day Remote Code Execution Vulnerabilities
RISK: Medium Risk
TYPE: Servers - Other Servers
Multiple vulnerabilities have been identified in Microsoft Exchange. A remote user can exploit some of these vulnerabilities to trigger remote code execution on the targeted system.
[Updated on 2022-09-30] Microsoft stated that the two vulnerabilities were used in limited targeted attacks against users’ systems. The Risk Level has been updated to High Risk.
[Updated on 2022-10-05] Microsoft updated the workaround for this issue.
[Updated on 2022-11-09] Microsoft released security updates for CVE-2022-41040 and CVE-2022-41082 in the Monthly Security Update for November 2022. The Risk Level has changed from High Risk to Medium Risk.
Impact
- Remote Code Execution
System / Technologies affected
- Microsoft Exchange Server 2013
- Microsoft Exchange Server 2016
- Microsoft Exchange Server 2019
Solutions
Before installation of the software, please visit the vendor website for more details.
- Apply fixes issued by the vendor. For details, please refer to the link below:
https://msrc-blog.microsoft.com/2022/09/29/customer-guidance-for-reported-zero-day-vulnerabilities-in-microsoft-exchange-server/
Workaround:
Reduce exposure to attacks by adding a rule in the URL Rewrite module on the IIS server that blocks requests carrying known indicators of attack.
- In Autodiscover at FrontEnd, select the URL Rewrite tab, and then Request Blocking.
- Add string “.*autodiscover\.json.*Powershell.*” to the URL Path.
- Condition input: Choose {REQUEST_URI}
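To check whether requests matching the blocking string have reached the server, and whether they were served or rejected, the same pattern can be run over the IIS logs. The script below is an added example, not vendor or advisory code. It assumes W3C-format logs with the standard field names, case-insensitive matching (the IIS URL Rewrite default), and a blocking rule that answers with a non-2xx/3xx status. The log lines and the function names are constructed for illustration.

```python
import re

# Pattern from the workaround above; IIS URL Rewrite ignores case by default.
BLOCK_PATTERN = re.compile(r".*autodiscover\.json.*Powershell.*", re.IGNORECASE)

# Constructed W3C-format IIS log excerpt (not real traffic).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time cs-method cs-uri-stem cs-uri-query s-port c-ip sc-status
2022-10-01 08:00:01 GET /owa/auth/logon.aspx - 443 198.51.100.7 200
2022-10-01 08:00:05 GET /autodiscover/autodiscover.json a=b/Powershell 443 203.0.113.9 200
2022-10-01 08:00:09 POST /autodiscover/autodiscover.xml - 443 198.51.100.7 200
2022-10-02 09:15:42 GET /Autodiscover/Autodiscover.json a=b/powershell 443 203.0.113.9 403
"""

def request_uri(stem, query):
    """Rebuild {REQUEST_URI} (path plus query string) from W3C log fields."""
    return stem if query in ("", "-") else f"{stem}?{query}"

def find_matches(log_text):
    """Return one dict per logged request whose URI matches BLOCK_PATTERN."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]   # column layout can change mid-file
            continue
        if not line or line.startswith("#") or not fields:
            continue
        values = line.split(" ")
        if len(values) != len(fields):
            continue                    # skip truncated or malformed rows
        row = dict(zip(fields, values))
        uri = request_uri(row.get("cs-uri-stem", ""), row.get("cs-uri-query", ""))
        if BLOCK_PATTERN.search(uri):
            status = row.get("sc-status", "")
            hits.append({
                "when": f"{row.get('date', '')} {row.get('time', '')}",
                "client": row.get("c-ip", ""),
                "uri": uri,
                "status": status,
                # Assumption: 2xx/3xx means the request was served, not blocked.
                "served": status[:1] in ("2", "3"),
            })
    return hits

if __name__ == "__main__":
    for hit in find_matches(SAMPLE_LOG):
        flag = "SERVED - investigate" if hit["served"] else "rejected"
        print(hit["when"], hit["client"], hit["status"], flag, hit["uri"])
```

A match that was served before the rule was in place is a lead for further investigation, not proof of compromise.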
Vulnerability Identifier
Source
Related Link
- https://msrc-blog.microsoft.com/2022/09/29/customer-guidance-for-reported-zero-day-vulnerabilities-in-microsoft-exchange-server/
- https://www.bleepingcomputer.com/news/security/new-microsoft-exchange-zero-day-actively-exploited-in-attacks/
- https://www.gteltsc.vn/blog/warning-new-attack-campaign-utilized-a-new-0day-rce-vulnerability-on-microsoft-exchange-server-12715.html