Microsoft updated the mitigation measures security teams should undertake for recently disclosed Exchange vulnerabilities that can lead to remote code execution, after it was reported that the previous measures could easily be bypassed.
The two vulnerabilities, tracked as CVE-2022-41040 and CVE-2022-41082 and referred to as “ProxyNotShell,” were first disclosed by the Vietnamese security firm GTSC. The initial recommendations for them were insufficient and were bypassed to exploit the bugs.
Microsoft later acknowledged the vulnerabilities, confirming in a post on its security blog that Microsoft Exchange Server 2013, 2016 and 2019 were affected by the Server-Side Request Forgery (CVE-2022-41040) and Remote Code Execution when PowerShell is accessible to the attacker (CVE-2022-41082).
Saying a fix was on an “accelerated schedule,” Microsoft adopted the guidance first proposed by GTSC to use URL Rewrite rules as a mitigation, but reports soon followed that they were easily bypassed.
Microsoft issued further guidance on Oct. 4 to improve the URL Rewrite rule and urged customers to review and apply one of the updated mitigation options:
October 5, 2022