Regístrese ahora para una mejor cotización personalizada!

Microsoft: New Exchange Server zero-days already used in attacks, expect more to come

Oct, 03, 2022 Hi-network.com
Image: Getty Images/iStockphoto

Microsoft has warned that attackers are already taking advantage of recently disclosed zero-day exploits to hack into victim's networks and steal data -and more attacks are likely to be on the way.

The two new zero-day vulnerabilities in Microsoft Exchange Server -- CVE-2022-41040 and CVE-2022-41082 -- were detailed last week, with warnings that they could allow hackers to remotely gain access to internal services and execute remote code on networks. 

Now Microsoft has provided more information on how the vulnerabilities have already been used -in attacks that first started in August. 

Security

  • 8 habits of highly secure remote workers
  • How to find and remove spyware from your phone
  • The best VPN services: How do the top 5 compare?
  • How to find out if you are involved in a data breach -- and what to do next

In what's described as a "small number of targeted attacks", the CVE-2022-41040 and CVE-2022-41082 vulnerabilities were chained together to provide attackers with "hands-on-keyboard access", which was used to perform Active Directory reconnaissance and to steal data. The victims haven't been publicly disclosed.

Also: The scary future of the internet: How the tech of tomorrow will pose even bigger cybersecurity threats

The attacks require the attacker to be an authenticated user, but it's possible to gain access to these credentials with phishing attacks, brute force attacks or buying stolen usernames and passwords from underground forums. 

While there's currently no specific indications as to who's behind these attacks, Microsoft's Security Threat Intelligence Team (MSTIC) "assesses with medium confidence" that they're the work of a single activity group connected to a state-sponsored cyber operation. 

Microsoft says it's working on what it describes as an "accelerated timeline" to release a security fix for the vulnerability -although it has yet to emerge. 

But since the vulnerability has been publicly disclosed, it's likely that hacking operations are already moving to take advantage of it before a patch becomes available, with Microsoft warning that "overall exploitation of these vulnerabilities will increase". 

Previous Microsoft Exchange vulnerabilities were featured in a variety of cyberattacks, including state-sponsored cyber-espionage campaigns, ransomware operations and cryptojacking attacks as attackers rushed to exploit the vulnerabilities before organisations had a chance to apply the patch. 

The United States Cybersecurity & Infrastructure Security Agency (CISA) has also issued a warning that attackers could exploit the latest Microsoft Exchange Server vulnerabilities. 

While a patch is yet to become available, Microsoft has provided guidance on mitigating the threat, including the recommendation that Exchange Server customers disable remote PowerShell access for non-admin users. 

"CISA encourages users and administrators to review the information from Microsoft and apply the necessary mitigations until patches are made available," said a CISA alert. 

MORE ON CYBERSECURITY

  • Microsoft: Ransomware gangs are using unpatched Exchange servers to gain access, so get updating
  • CISA: Switch to Microsoft Exchange Online 'Modern Auth' before October
  • Microsoft Patch Tuesday: 64 new vulnerabilities, including five critical ones
  • Why MFA matters: These attackers cracked admin accounts then used Exchange to send spam
  • Microsoft: Take these three steps to protect your systems from ransomware

tag-icon Etiquetas calientes: tecnología seguridad

Copyright © 2014-2024 Hi-Network.com | HAILIAN TECHNOLOGY CO., LIMITED | All Rights Reserved.