Trend micro it
11/14/2022

Attackers are leveraging two zero-day vulnerabilities (CVE-2022-41040, CVE-2022-41082) to breach Microsoft Exchange servers.

News of the attacks broke on Wednesday, when researchers with Vietnamese cybersecurity company GTSC released a warning saying that, “while providing SOC service to a customer, GTSC Blueteam detected exploit requests in IIS logs with the same format as ProxyShell vulnerability.”

About the vulnerabilities (CVE-2022-41040, CVE-2022-41082)

CVE-2022-41040 is a Server-Side Request Forgery (SSRF) vulnerability and CVE-2022-41082 allows remote code execution when PowerShell is accessible to the attacker, Microsoft explained.

“At this time, Microsoft is aware of limited targeted attacks using the two vulnerabilities to get into users’ systems. In these attacks, CVE-2022-41040 can enable an authenticated attacker to remotely trigger CVE-2022-41082. It should be noted that authenticated access to the vulnerable Exchange Server is necessary to successfully exploit either of the two vulnerabilities.”

The vulnerabilities affect Microsoft Exchange Server versions 2013, 2016, and 2019. Unfortunately, even though the Vietnamese researchers notified Microsoft (via Trend Micro’s Zero Day Initiative) about the flaws several weeks ago, there are no patches yet.

“Microsoft Exchange Online has detections and mitigation in place to protect customers,” Microsoft said, but urged admins of on-prem installations of Exchange Server to implement mitigations, which include adding a blocking rule and blocking some ports.

GTSC’s researchers initially thought that the attackers were exploiting the ProxyShell vulnerability, but further analysis proved that the targeted MS Exchange servers were up-to-date with the patches, so the theory of ProxyShell being exploited was discarded.

Security researcher Kevin Beaumont says that it appears the ProxyShell patches from early 2021 did not fix the issue. “I am calling this ProxyNotShell, as it is the same path and SSRF/RCE pair from back then… but with authentication.”