Microsoft confirms new Exchange zero-days are used in attacks - BleepingComputer

Sep 30, 2022 1 min, 31 secs

Microsoft has confirmed that two recently reported zero-day vulnerabilities in Microsoft Exchange Server 2013, 2016, and 2019 are being exploited in the wild.

"The first vulnerability, identified as CVE-2022-41040, is a Server-Side Request Forgery (SSRF) vulnerability, while the second, identified as CVE-2022-41082, allows remote code execution (RCE) when PowerShell is accessible to the attacker," Microsoft said.

"At this time, Microsoft is aware of limited targeted attacks using the two vulnerabilities to get into users' systems."

According to Vietnamese cybersecurity outfit GTSC, which first reported the ongoing attacks, the zero-days are chained to deploy Chinese Chopper web shells for persistence and data theft and to move laterally through the victims' networks.

GTSC also suspects that a Chinese threat group might be responsible for the ongoing attacks based on the web shells' code page, a Microsoft character encoding for simplified Chinese.

"On premises Microsoft Exchange customers should review and apply the following URL Rewrite Instructions and block exposed Remote PowerShell ports," Microsoft added.

Since the threat actors can also gain access to PowerShell Remoting on exposed and vulnerable Exchange servers for remote code execution via CVE-2022-41082 exploitation, Microsoft also advises admins to block the following Remote PowerShell ports to hinder the attacks:

GTSC said yesterday that admins who want to check if their Exchange servers have already been compromised could run the following PowerShell command to scan IIS log files for indicators of compromise:

Summarized by 365NEWSX ROBOTS
