Good news!
Microsoft may not have released a proper patch yet for the two new zero-day vulnerabilities that have been exploited in “limited and targeted attacks” against Microsoft Exchange users, but mitigations are available to help protect your organization.
Bad news!
Security researchers believe that Microsoft’s mitigations can be bypassed.
Here is a video in which researcher Will Dormann demonstrates how the mitigations for the CVE-2022-41040 and CVE-2022-41082 vulnerabilities can be circumvented.
However, the added good news is that it is impossible for an unauthenticated user to remotely exploit the security hole. This means that a hacker trying to attack your on-premises Exchange servers must already have compromised one of your accounts, or the computer of a user connecting to Exchange may have become infected with malware that exploits this flaw.
Additionally, previous reports suggest that the attack relied on triggering PowerShell commands, so blocking TCP ports 5985 and 5986 on the Exchange server would limit the attack’s potential.
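One way to apply and check that port block with the Windows host firewall, as an added example that is not from the original article or from Microsoft's guidance. It assumes Windows Defender Firewall is the enforcing firewall on the Exchange server and that the session is elevated; the rule name is constructed for illustration.

```powershell
# Added example: block inbound WinRM (remote PowerShell) on an Exchange server.
# Run in an elevated PowerShell session on the server itself.

$ports    = 5985, 5986                            # WinRM over HTTP / HTTPS
$ruleName = 'Block inbound WinRM (example rule)'  # constructed name, not a Microsoft default

# Create the block rule only if it does not exist yet, so the script is safe to re-run.
$rule = Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue
if (-not $rule) {
    $rule = New-NetFirewallRule -DisplayName $ruleName `
        -Direction Inbound -Protocol TCP -LocalPort $ports `
        -Action Block -Profile Any
}

# A rule that exists but was disabled by someone else gives no protection.
if ($rule.Enabled -ne 'True') {
    Enable-NetFirewallRule -DisplayName $ruleName
}

# The rule only takes effect on profiles where the firewall itself is switched on.
Get-NetFirewallProfile |
    Where-Object { $_.Enabled -ne 'True' } |
    ForEach-Object {
        Write-Warning "Firewall profile '$($_.Name)' is disabled; the block rule has no effect on it."
    }

# Show what is still listening locally on the two ports. A listener here is expected
# (the WinRM service keeps running); the firewall rule drops inbound connections to it.
Get-NetTCPConnection -State Listen -LocalPort $ports -ErrorAction SilentlyContinue |
    Select-Object LocalAddress, LocalPort, OwningProcess
```

The rule also cuts off legitimate remote WinRM administration of that server, so confirm nothing you rely on uses it. To verify from another machine, `Test-NetConnection -ComputerName <server> -Port 5985` should report that the TCP test failed.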
Good news and bad news aside, it would be great if Microsoft could release a working security patch ASAP.
Did you find this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.