Exchange zero-day fools researchers by resembling older threats

Cybersecurity researchers have discovered a new vulnerability in Microsoft Exchange email servers that is already being exploited by malicious actors.

The yet-to-be-named vulnerability was detailed by the security vendor GTSC, although information about its exploitation is still being collected. It is considered a “zero-day” because the flaw was publicly known and exploited before a patch was available.

🚨 Reports have emerged of a new zero-day in Microsoft Exchange, and it is being actively exploited in the wild 🚨

I can be sure there are backdoors to a large number of Exchange servers – including a magnet.

Follow the thread to track the problem:

— Kevin Beaumont (@GossiTheDog) September 29, 2022

News of the vulnerability was first reported to Microsoft through its Zero Day Initiative last Thursday, September 29, which details that the CVE-2022-41040 and CVE-2022-41082 vulnerabilities “may allow an attacker the ability to execute code remotely on affected Microsoft Exchange servers,” according to Trend Micro.

Microsoft said Friday that it is “working on an accelerated schedule” to address the zero-day vulnerability and produce a patch. However, researcher Kevin Beaumont confirmed on Twitter that the flaw has already been used by malicious actors to gain access to the back end of many Exchange servers.

With exploitation already in the wild, there are ample opportunities for businesses and government agencies to be attacked by bad actors. That is because Exchange servers depend on internet connectivity, and cutting off that connectivity would cripple the productivity of many organizations, Travis Smith, vice president of malware threat research at Qualys, told Protocol.

While the details of how CVE-2022-41040 and CVE-2022-41082 work are not yet known, several researchers have pointed out similarities with other vulnerabilities, including the Apache Log4j vulnerability and the “ProxyShell” vulnerability, both of which also allow remote code execution. In fact, many researchers initially mistook the new flaw for ProxyShell until it was clarified that the affected servers were fully up to date on the patches for that older bug. That made it clear that CVE-2022-41040 and CVE-2022-41082 are entirely new vulnerabilities that had not been seen before.

CVE-2022-41040 and CVE-2022-41082 were discovered in Microsoft Exchange email servers late Thursday.

“If this is true, then what it tells you is that even some of the security practices and procedures that are in use today are insufficient. They go back to weaknesses inherent in the code and software that are the basis for this IT system,” Roger Cressey, a former cybersecurity and counterterrorism official in the Clinton and Bush White Houses, told Digital Trends.

“If you have a dominant position in the market, then you wind up, whenever there is an exploit that you think you have solved, finding that there are other instances associated with it that appear when you least expect it. Nor is Exchange exactly the poster child of what I would call a safe and secure offering.”

Malware and zero-day exploits are a fairly consistent reality for all tech companies. However, Microsoft has perfected its ability to identify and remedy problems, and to enable patching for vulnerabilities in the aftermath of an attack.

According to CISA’s Known Exploited Vulnerabilities Catalog, Microsoft systems have had 238 cybersecurity flaws since the beginning of the year, which is 30% of all the vulnerabilities listed. The catalog also lists flaws affecting other major tech brands, including Apple iOS, Google Chrome, Adobe Systems, Linux, and many more.

“There are a lot of IT technology companies that have zero-days discovered and exploited by adversaries. The problem is that Microsoft has succeeded in controlling the market to the point that when its weaknesses are discovered, the ripple effect of it in terms of scale and scope is unimaginably large. So when Microsoft sneezes, the critical infrastructure world catches a really bad cold, and that seems to be an iterative process here,” Cressey said.

One such zero-day vulnerability, resolved earlier this year, was Follina (CVE-2022-30190), which gave hackers access to the Microsoft Support Diagnostic Tool (MSDT). The tool is most commonly associated with Microsoft Office and Microsoft Word. A hacker able to exploit it could access the back end of a computer, giving them permission to install programs, create new user accounts, and manipulate the data on the device.

Early reports of the vulnerability were addressed through workarounds. However, Microsoft stepped in with a permanent software fix once hackers began using the information they collected to target the Tibetan diaspora, US government agencies, and the European Union.
