Cybercriminals have exploited two unpatched Exchange Server zero-day vulnerabilities in real-world attacks, as confirmed by Microsoft.
Back in August 2022, the Vietnamese security company GTSC was the first one to discover that Microsoft Exchange had vulnerabilities.
Starting in early August 2022, attackers had been exploiting these two zero-day vulnerabilities against the environments of GTSC's customers.
The two vulnerabilities identified are as follows:
CVE-2022-41040: A Server-Side Request Forgery (SSRF) vulnerability with a severity score of 8.8 out of 10.
CVE-2022-41082: This flaw allows Remote Code Execution (RCE) when PowerShell is accessible to the attacker. It has a score of 6.3 out of 10.
Based on recent reports, Microsoft is aware of a limited number of targeted attacks used to breach users’ systems by exploiting these vulnerabilities.
In order to exploit either of the two vulnerabilities successfully, an attacker would need to have access to an Exchange Server that is vulnerable.
On-premises deployments of Microsoft Exchange Server 2013, 2016, and 2019 are all affected by these vulnerabilities.
By exploiting these vulnerabilities successfully, hackers are able to accomplish the following:
Infiltrate the victim’s computer system
Obtain a web shell and install it
Move laterally through the compromised network
Apart from this, Microsoft has said that it is steadily working to release a fix as soon as possible. However, Microsoft Exchange Online has built-in protections that shield its customers from risks like these.