New Microsoft Security Alert: Exchange 0-Days Confirmed, State-Sponsored Attacks Underway

By Davey Winder, Senior Contributor. Oct 1, 2022, 04:06am EDT

Microsoft confirmed on September 30 that it is investigating two zero-day vulnerabilities that impact Exchange Server 2013, 2016 and 2019.
Between them, there are more than 200,000 installations in businesses worldwide. Microsoft goes on to warn that a single, likely state-sponsored, threat group has been confirmed as exploiting both vulnerabilities by chaining them together. Microsoft adds that the CVE-2022-41040 and CVE-2022-41082 chain attacks have facilitated “hands-on-keyboard access, which the attackers used to perform Active Directory reconnaissance and data exfiltration.” While Microsoft says it has observed these attacks against ten organizations so far, given the Exchange Server user base and the fact that the vulnerabilities are now known, the potential for further attacks is great.

The risk is significant

As such, Mike Walters, the vice-president of vulnerability and threat research at Action1, has warned that “the risk from these zero-days is significant” to many SME and enterprise companies with “vast amounts of critical data.” Security researchers at GTSC initially disclosed that attacks were underway.
CVE-2022-41040 is a Server-Side Request Forgery (SSRF) vulnerability, while CVE-2022-41082 enables remote code execution (RCE) via PowerShell. The former is being used to trigger the latter in a chain exploit if the attacker is authenticated at the user level in Exchange Server.

CISA advises Exchange Server users and admins to act now

Indeed, the Cybersecurity & Infrastructure Security Agency (CISA) has issued a statement urging both users and administrators to apply mitigations while awaiting an official patch from Microsoft.
Microsoft is working on releasing this as soon as possible, although a timescale has not yet been given. Microsoft has further confirmed that this impacts on-premise Exchange Server installations, and Exchange Online users are unaffected by the vulnerabilities.

Microsoft has released a script for on-premise users that will mitigate the exploited SSRF vector and has released an automatic URL rewrite mitigation for users of the Exchange Server Emergency Mitigation Service.
From: forbes
URL: https://www.forbes.com/sites/daveywinder/2022/10/01/new-microsoft-security-alert-exchange-0-days-confirmed-state-sponsored-attacks-underway/