Thousands of Microsoft Exchange servers are still vulnerable to this dangerous flaw

By Scott Marlette Last updated Jan 4, 2023

Tens of thousands of Microsoft Exchange servers (opens in new tab) are still vulnerable to a high-severity flaw used in ProxyNotShell exploits, researchers have warned.

Cybersecurity researchers Shadowserver Foundation said almost 70,000 IPs were vulnerable to CVE-2022-41082, a remote code execution (RCE) vulnerability patched in early November last year.

At press time, Shadowserver’s data are showing at least 57,000 vulnerable IPs, although the information comes with a disclaimer that results were “calculated by summing counts of unique IPs, which means that a “unique” IP may have been counted more than once”.

Mitigations and patches

“Any figures should be treated as indicative rather than exact,” Shadowserver said – however declining figures could be an indication of a positive trend.

There are two high-severity vulnerabilities that were dubbed ProxyNotShell – the abovementioned CVE-2022-41082, and CVE-2022-41040, an elevation of privilege flaw that was also patched in early November. The affected endpoints include Exchange Server 2013, 2016, and 2019.

While there are mitigations available, researchers are urging IT pros to apply the patch instead, as the mitigations can be worked around. One report from BleepingComputer saw ransomware operators using a newly-discovered exploit chain to bypass certain ProxyNotShell mitigations and execute malicious code remotely on target devices.

Exchange servers are valuable to hackers, and as such are often targeted. For example, the infamous LockBit group was recently caught deploying malware via compromised Exchange Servers. Last summer, two servers belonging to one company were infected with LockBit 3.0. As per the report, the attackers first deployed web shell, then escalated privileges to Active Directory admin a week later, stole some 1.3 TB of data, and encrypted systems hosted on the network.

Late last year, researchers uncovered a malicious campaign attempting to exploit the already-fixed ProxyShell vulnerability in Microsoft Exchange, too.

Via: BleepingComputer (opens in new tab)

For all the latest Technology News Click Here

For the latest news and updates, follow us on Google News.

Read original article here

Denial of responsibility! TechNewsBoy.com is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected]. The content will be deleted within 24 hours.