Cybersecurity researchers have discovered a new zero-day vulnerability that has surfaced in Microsoft’s Exchange mail servers and has already been exploited by bad actors.
The as-yet-unnamed vulnerability has been detailed by cybersecurity provider GTSC, although information about the exploit is still being collected. It is considered a zero-day vulnerability due to the fact that public access to the flaw was apparent before a fix could be made available.
? Reports indicate that a new zero day exists in Microsoft Exchange and is being actively exploited in the wild ?
I can confirm that a significant number of Exchange servers were hijacked, including a honeypot.
The thread to track the issue follows:
— Kevin Beaumont (@GossiTheDog) September 29, 2022
News of the vulnerability was first submitted to Microsoft through its Zero Day Initiative program on Thursday, September 29, detailing that exploits for CVE-2022-41040 and CVE-2022-41082 malware “could allow an attacker to execute code remotely on affected Microsoft Exchange servers, according to Trend Micro.
Microsoft said Friday it was “working on an accelerated schedule” to address the zero-day vulnerability and create a fix. However, researcher Kevin Beaumont confirmed on Twitter that the flaw was used by nefarious gamers to gain access to the back-ends of multiple Exchange servers.
With exploitation already in the wild, there are many opportunities for businesses and government entities to be attacked by bad actors. This is because Exchange servers depend on the internet and cutting connections would reduce the productivity of many organizations, Travis Smith, vice president of malware threat research at Qualys, told Protocol.
While details on exactly how CVE-2022-41040 and CVE-2022-41082 malware work are unknown, several researchers have noted similarities with other vulnerabilities. These include the Apache Log4j flaw and the “ProxyShell” vulnerability, both of which have remote code execution in common. In fact, several researchers confused the new vulnerability with ProxyShell until it was clear that the old flaw was up to date on all its patches. This clearly showed that CVE-2022-41040 and CVE-2022-41082 are completely new and never-before-seen vulnerabilities.
“If this is true, what this tells you is that even some of the security practices and procedures used today are insufficient. They come back to the inherent vulnerabilities in the code and the software that are at the root of this IT ecosystem”, Roger Cressey, former member of cybersecurity and counterterrorism for the Clinton and Bush White Houses, told DigitalTrends.
“If you have a dominant position in the market, you find yourself whenever there is an exploitation that you think you have solved, but it turns out that there are others associated with it that appear. when you least expect it. And the exchange is not exactly the poster child for what I would call a safe and secure offering,” he added.
Malware and zero-day vulnerabilities are a fairly constant reality for all tech companies. However, Microsoft has honed its ability to identify and resolve issues, and make patches available for vulnerabilities following an attack.
According to the CISA Vulnerability Catalog, Microsoft Systems has been subject to 238 cybersecurity vulnerabilities since the start of the year, representing 30% of all vulnerabilities discovered. These attacks include those against other major tech brands, including Apple iOS, Google Chrome, Adobe Systems, and Linux, among others.
“There are a lot of technology computing companies that have zero days that are discovered and exploited by adversaries. The problem is that Microsoft has been so successful in dominating the market that when their vulnerabilities are discovered, the cascading impact that “it has in terms of scale and scope is incredibly important. And so when Microsoft sneezes, the critical infrastructure world catches a bad cold and it seems like a repetitive process here,” Cressey said.
Follina (CVE-2022-30190) was one of those zero-day vulnerabilities addressed earlier this year, which allowed hackers to access the Microsoft Support Diagnostic Tool (MSDT). This tool is usually associated with Microsoft Office and Microsoft Word. Hackers were able to exploit it to gain access to a computer’s back-end, granting them permission to install programs, create new user accounts, and manipulate data on a device.
Early reports of the vulnerability’s existence have been patched with workarounds. However, Microsoft stepped in with a permanent software fix once hackers began using the information they gathered to target the Tibetan diaspora and US and European government agencies.
Editors’ Recommendations
#Vulnerability #tricks #researchers #mimicking #threats #Digital #trends