Microsoft Exchange attack: Temporary solution to patch zero-day flaw can be bypassed

Microsoft recently confirmed that it is aware of, and is now working on patching, two zero-day vulnerabilities in Microsoft Exchange Server that were used to carry out limited targeted attacks. The company also released the Exchange Emergency Mitigation Service (EEMS) mitigation in order to slow down hackers’ progress in stealing user data. However, security researchers have claimed that the temporary solution used to plug the attacks can be easily bypassed.
What is the vulnerability?
Two zero-day vulnerabilities were first reported by GTSC: the first, CVE-2022-41040, is a Server-Side Request Forgery (SSRF) vulnerability, and the second, CVE-2022-41082, allows Remote Code Execution (RCE). The Vietnamese platform reported that these vulnerabilities were being used by hackers to attack Microsoft Exchange Server 2013, Exchange Server 2016, and Exchange Server 2019.
GTSC suspects that the attack came from a Chinese attack group as the attacker uses Antsword – an active Chinese-based open source cross-platform website administration tool.

How are Microsoft Exchange customers affected?
Microsoft confirmed the attack and said that by using these vulnerabilities, hackers were able to gain hands-on-keyboard access, conduct Active Directory reconnaissance and steal sensitive data. The company also says that the actor launched attacks “in fewer than 10 organisations” around the world.
“We are working on an accelerated timeline to release a fix. Until then, we’re providing mitigations and the detections guidance below to help customers protect themselves from these attacks,” the company said. It also recommended that Exchange Server customers “disable remote PowerShell access for non-admin users” in the organisation.

Microsoft’s temporary solution not efficient enough
Vietnam-based security researcher Jang has claimed Microsoft’s solution for preventing the exploitation of the zero-day vulnerabilities is not efficient and can be bypassed with little effort. His thoughts were echoed by vulnerability analyst Will Dormann and cybersecurity expert Kevin Beaumont.
In fact, Jang’s finding has been tested by researchers at GTSC, who also say that Microsoft’s mitigation does not provide sufficient protection against the vulnerabilities.
