Cybercriminals have exploited two 0-day Exchange Server vulnerabilities in real-life attacks as a result of unpatched Exchange Server zero-day vulnerabilities that have not been patched, as confirmed by Microsoft.
Back in August 2022, the Vietnamese security company GTSC was the first one to discover that Microsoft Exchange had vulnerabilities.
Starting in early August 2022, these two zero-day vulnerabilities had been exploited by the attackers to attack their customers’ environments.
The two vulnerabilities identified are as follows:-
Based on recent reports, Microsoft is aware of a limited number of targeted attacks used to breach users’ systems by exploiting these vulnerabilities.
In order to exploit either of the two vulnerabilities successfully, an attacker would need to have access to an Exchange Server that is vulnerable.
Microsoft Exchange Server 2013, 2016, and 2019 are all affected by these vulnerabilities which have an impact on on-premises deployments.
By exploiting these vulnerabilities successfully, hackers are able to accomplish the following things:-
While apart from this, Microsoft has claimed that they are steadily working to release a fix as soon as possible. However, there are protections built into Microsoft Exchange Online that enable customers to be protected from risks like these.
To ensure the safety of its customers, Microsoft will respond accordingly, since Microsoft is constantly observing all these detections for any malicious activity.
The current mitigation method for Exchange Server concerns the addition of a blocking rule which does the following:-
IIS Manager -> Default Web Site -> URL Rewrite -> Actions
As a result, known attack patterns are blocked in order to prevent attacks from occurring.
There is as yet no information on the technical details about the security holes that were exploited before the release of the fixes, as the company declined to comment on it.
Cyber Attack with Zero Trust Networking – Download Free E-Book
Microsoft has launched Researcher with Computer Use in Microsoft 365 Copilot, marking a significant advancement…
A new wave of cyber threats is emerging as criminals increasingly weaponize AdaptixC2, a free…
Chinese-affiliated threat actor UNC6384 has been actively leveraging a critical Windows shortcut vulnerability to target…
Threat actors operating under the control of North Korea's regime have demonstrated continued technical sophistication…
Sophisticated threat actors have orchestrated a coordinated multilingual phishing campaign targeting financial and government organizations…
AzureHound, an open-source data collection tool designed for legitimate penetration testing and security research, has…