Two new critical vulnerabilities discovered in Microsoft Exchange


Two previously unknown vulnerabilities affect the security of Exchange servers, the Microsoft Security Response Center (MSRC) has just warned, following the publication of a report by researchers from the Vietnamese cybersecurity company GTSC. This is worrying news in view of the precedents.

Last year, the discovery of four flaws known as ProxyLogon in this messaging and calendaring service led to massive exploitation of these vulnerabilities. ANSSI counted 15,000 exposed Exchange servers at the time, i.e. as many gateways open to future malicious actions.

Two vulnerabilities that can be combined

Microsoft Exchange servers are indeed a very tempting target for hackers. Not only can attacks that succeed in compromising Exchange be used to gain access to sensitive information, they can also open the door to other attacks, where victims may never find out they were targeted.

In detail, the first vulnerability discovered (CVE-2022-41040) is an SSRF (Server-Side Request Forgery) flaw. It allows attackers to make server-side requests from an unintended location, for example to access internal services without being inside the network perimeter.

The second vulnerability (CVE-2022-41082) allows remote code execution when PowerShell, the command-line interface, is accessible to the attacker. The two vulnerabilities can be combined: the first can allow attackers to use the second.

Fix in preparation

Microsoft said it is working on an “accelerated schedule” to release a fix. Measures to take in the meantime are detailed in an alert. It is recommended to block exposed remote PowerShell ports.

However, Microsoft Exchange Online customers do not need to take these steps. “Microsoft Exchange Online has monitoring and mitigations in place to protect customers,” the company said.

Currently, there is no information about attacks that exploited these two vulnerabilities. For their part, the GTSC researchers who discovered the two flaws recommend applying the mitigation measures “as soon as possible, to avoid serious potential damage”.

Source: ZDNet.com




