
Microsoft Says Two New Exchange Zero-Day Bugs Under Active Attack, But No Immediate Fix

Friday 30 September 2022, 16:03, by Slashdot
Microsoft has confirmed two unpatched Exchange Server zero-day vulnerabilities are being exploited by cybercriminals in real-world attacks. From a report: Vietnamese cybersecurity company GTSC, which first discovered the flaws as part of its response to a customer's cybersecurity incident in August 2022, said the two zero-days have been used in attacks on their customers' environments dating back to early August 2022. Microsoft's Security Response Center (MSRC) said in a blog post late on Thursday that the two vulnerabilities were identified as CVE-2022-41040, a server-side request forgery (SSRF) vulnerability, while the second, identified as CVE-2022-41082, allows remote code execution on a vulnerable server when PowerShell is accessible to the attacker. 'At this time, Microsoft is aware of limited targeted attacks using the two vulnerabilities to get into users' systems,' the technology giant confirmed. Microsoft noted that an attacker would need authenticated access to the vulnerable Exchange Server, such as stolen credentials, to successfully exploit either of the two vulnerabilities, which impact on-premise Microsoft Exchange Server 2013, 2016 and 2019. Microsoft hasn't shared any further details about the attacks and declined to answer our questions. Security firm Trend Micro gave the two vulnerabilities severity ratings of 8.8 and 6.3 out of 10.

Read more of this story at Slashdot.
https://it.slashdot.org/story/22/09/30/144220/microsoft-says-two-new-exchange-zero-day-bugs-under-ac...