Microsoft: Two active vulnerabilities discovered on Exchange server
zero-day gap
Microsoft Exchange is again affected by security vulnerabilities. The two zero-day vulnerabilities are still being actively exploited, but a fix is said to be in the works.
News
After Microsoft had to deal with a serious security vulnerability in Exchange Server last July, the service is again under fire. The vulnerabilities CVE-2022-41040 and CVE-2022-41082 are used “to a limited extent” according to a blog post by the company. A fix for the vulnerability for the affected versions Microsoft Exchange Server 2013, 2016 and 2019 is already in progress.
At the one with the code CVE-2022-41040 The vulnerability referred to is a so-called Server-Side Request Forgery (SSRF). This describes a forcing of server-side applications to predefined requests to unauthorized places. Among other things, this enables communication and data transmission between the affected Exchange server and the attacking side.
The second security problem also results from this vulnerability. Under the designation CVE-2022-41082 Returns a way for attackers to remotely execute potentially malicious code, also known in the industry as remote code execution. According to Microsoft, however, both vulnerabilities can only be exploited via an account authenticated on the server.
In addition to explaining the two zero-day vulnerabilities found, Microsoft also states that a solution to the problem is already being worked on. With the Exchange Mitigation Service (EMS), the service now has an automated tool that is supposed to be able to detect these attacks and prevent them via URL redirection. For users who cannot use the recognition system directly, the company has a Script for download provided, which enables server-side execution of EMS.
Continue to home page
Reference-www.pc-magazin.de