Microsoft Exchange Zero-day Remote Code Execution Vulnerabilities
Last Update Date: 5 Oct 2022 Release Date: 30 Sep 2022
RISK: High Risk
TYPE: Servers - Other Servers
Multiple vulnerabilities have been identified in Microsoft Exchange. A remote user can exploit some of these vulnerabilities to trigger remote code execution on the targeted system.
Notes: No patch is currently available.
[Updated on 2022-09-30] Microsoft stated that the two vulnerabilities were used for limited targeted attacks into users’ systems, the Risk Level has updated to High Risk.
[Updated on 2022-10-05] Microsoft updated the workaround for this issue.
Impact
- Remote Code Execution
System / Technologies affected
- Microsoft Exchange Server 2013
- Microsoft Exchange Server 2016
- Microsoft Exchange Server 2019
Solutions
Workaround:
Reduce the vulnerability of attacks by adding a rule to block requests with indicators of attack through the URL Rewrite Rule module on IIS server.
- In Autodiscover at FrontEnd, select tab URL Rewrite, and then Request Blocking.
- Add string “.*autodiscover\.json.*Powershell.*” to the URL Path.
- Condition input: Choose {REQUEST_URI}
Vulnerability Identifier
Source
Related Link
- https://msrc-blog.microsoft.com/2022/09/29/customer-guidance-for-reported-zero-day-vulnerabilities-in-microsoft-exchange-server/
- https://www.bleepingcomputer.com/news/security/new-microsoft-exchange-zero-day-actively-exploited-in-attacks/
- https://www.gteltsc.vn/blog/warning-new-attack-campaign-utilized-a-new-0day-rce-vulnerability-on-microsoft-exchange-server-12715.html
沒有留言:
發佈留言