365NEWSX

Microsoft confirms new Exchange zero-days are used in attacks - BleepingComputer

Sep 30, 2022 1 min, 31 secs

Microsoft has confirmed that two recently reported zero-day vulnerabilities in Microsoft Exchange Server 2013, 2016, and 2019 are being exploited in the wild.

"The first vulnerability, identified as CVE-2022-41040, is a Server-Side Request Forgery (SSRF) vulnerability, while the second, identified as CVE-2022-41082, allows remote code execution (RCE) when PowerShell is accessible to the attacker," Microsoft said.

"At this time, Microsoft is aware of limited targeted attacks using the two vulnerabilities to get into users' systems."

According to Vietnamese cybersecurity outfit GTSC, which first reported the ongoing attacks, the zero-days are chained to deploy Chinese Chopper web shells for persistence and data theft, and to move laterally through the victims' networks.

GTSC also suspects that a Chinese threat group might be responsible for the ongoing attacks, based on the web shells' code page, a Microsoft character encoding for simplified Chinese.

"On premises Microsoft Exchange customers should review and apply the following URL Rewrite Instructions and block exposed Remote PowerShell ports," Microsoft added.

Since the threat actors can also gain access to PowerShell Remoting on exposed and vulnerable Exchange servers for remote code execution via CVE-2022-41082 exploitation, Microsoft also advises admins to block the following Remote PowerShell ports to hinder the attacks:

GTSC said yesterday that admins who want to check if their Exchange servers have already been compromised could run the following PowerShell command to scan IIS log files for indicators of compromise:
