CATEGORIES
home IT/Enterprise Security

Microsoft Confirms Multiple Critical 0-Day Flaws In Exchange Server

by Nathan OrdSaturday, October 01, 2022, 12:42 PM EDT
proxynotshell microsoft exchange rce 0 day discovered
Earlier this week, Microsoft confirmed a “new” 0-Day remote code execution vulnerability within Exchange Servers. While it isn’t necessarily new in the family of Proxy-Exploits, critical infrastructure is still being attacked now, and hundreds of thousands of servers are potentially vulnerable to this issue, so patch as soon as possible.

On Wednesday this week, cybersecurity firm GTSC released a blog post titled “New Attack Campaign Utilized A New 0-Day RCE Vulnerability On Microsoft Exchange Server,” which outlined detected exploit requests similar to the ProxyShell vulnerability of 2021. Shortly thereafter, Microsoft dove into triage mode and assigned CVE-2022-41040 and CVE-2022-41082, a server-side request forgery and remote code execution vulnerability, respectively. However, it was noted that to exploit either vulnerability, an attacker must have valid credentials for a non-admin user on the Exchange server.

shodan proxynotshell microsoft exchange rce 0 day discovered

Cybersecurity researcher and purveyor of vulnerability names and logos Kevin Beaumont quickly dubbed this issue “ProxyNotShell” because “it is the same path and SSRF/RCE pair from [ProxyShell in 2021]… but with authentication.” He further explained that this problem only affects those who run Microsoft Exchange on-premise and don’t have the Outlook Web App (OWA) facing the internet. However, using Shodan, an internet-connected device search engine, it is reported that there are potentially 204,000 exposed OWA pages meaning these organizations should assess their exposure and potentially mitigate the issue.

To this end, Microsoft provides three options for mitigation on its blog, the first of which is effectively “sit tight,” as customers with the Exchange Server Emergency Mitigation Service enabled will have mitigations pushed automatically. Beyond this, Microsoft has created a script that customers can deploy, or administrators can create URL rewrite rules themselves. Microsoft also notes that Exchange Online customers need not take any action, but Beaumont counters this and explains that Exchange Hybrid servers are potentially vulnerable and should be updated and secured.

It should also be noted that there is information available that can help admins discover if either vulnerability has been deployed against their infrastructure. Hopefully, with all this coverage and mitigations now rolling out, this problem will not spiral out of control over the weekend. Otherwise, if you or a beloved admin has been affected by ProxyNotShell linked to Exchange exposure, you may be entitled to financial compensation.
Tags:  Microsoft, security, vulnerability, Microsoft-Exchange, (nasdaq:msft), 0day
TOP CONVERSATIONS
Your Next PC Platform?
More Results
KEEP INFORMED
SITE

Home

Reviews

News

Blogs

Full Site

Sitemap

CATEGORIES

PC Components

Systems

Mobile

IT Infrastructure

Leisure

Videos

COMPANY

About

Advertise

News Tips

Contact

Privacy And Terms

HotTech

MORE

Accessibility

Shop

STAY CONNECTED

Twitter

Facebook

YouTube

RSS

As an Amazon and Howl Technologies Associate, HotHardware earns a commission from qualifying purchases made on this site. This site is intended for informational and entertainment purposes only. The contents are the views and opinion of the author and/or his associates. All products and trademarks are the property of their respective owners. Reproduction in whole or in part, in any form or medium, without express written permission of Hot Hardware, Inc. is prohibited. All content and graphical elements are Copyright © 1999 - 2024 David Altavilla and Hot Hardware, Inc.
All rights reserved. Privacy and Terms - Accessibility Commitment