Microsoft: Two active vulnerabilities discovered on Exchange server


Zero-day vulnerability

Microsoft Exchange is again affected by security vulnerabilities. The two zero-day vulnerabilities are still being actively exploited, but a fix is said to be in the works.

Microsoft Exchange: Two zero-day vulnerabilities allow attacks on the servers.
© Sergey Nivens – Fotolia.com

After Microsoft had to deal with a serious security vulnerability in Exchange Server last July, the service is under fire again. According to a blog post by the company, the vulnerabilities CVE-2022-41040 and CVE-2022-41082 are being exploited “to a limited extent”. A fix for the affected versions, Microsoft Exchange Server 2013, 2016 and 2019, is already in progress.

The vulnerability designated CVE-2022-41040 is a so-called server-side request forgery (SSRF). In an SSRF, a server-side application is forced to send predefined requests to destinations it is not authorized to reach. Among other things, this enables communication and data transmission between the affected Exchange server and the attacker.

The second security problem also results from this vulnerability. Designated CVE-2022-41082, it gives attackers a way to remotely execute potentially malicious code, known in the industry as remote code execution. According to Microsoft, however, both vulnerabilities can only be exploited via an account authenticated on the server.

In addition to explaining the two zero-day vulnerabilities, Microsoft states that a solution to the problem is already being worked on. With the Exchange Mitigation Service (EMS), Exchange now has an automated tool that is supposed to detect these attacks and prevent them via URL redirection. For users who cannot use the detection system directly, the company has provided a script for download that enables server-side execution of EMS.


4.10.2022, by Yusuf Hatic


Reference-www.pc-magazin.de