Microsoft has officially confirmed that it is investigating two zero-day vulnerabilities affecting Exchange Server 2013, 2016 and 2019, following reports of in-the-wild exploitation.
“The first, identified as CVE-2022-41040, is a Server-Side Request Forgery (SSRF) vulnerability, while the second, identified as CVE-2022-41082, allows remote code execution (RCE) when PowerShell is accessible to the attacker,” the tech giant said.
The company also confirmed that it is aware of “limited targeted attacks” that weaponize the vulnerabilities to gain initial access to targeted systems, but emphasized that authenticated access to the vulnerable Exchange Server is required for a successful exploit.
The attacks detailed by Microsoft show that the two vulnerabilities are chained together in an exploit chain, with the SSRF bug allowing an authenticated adversary to remotely trigger arbitrary code execution.
The Redmond-based company further emphasized that it is working on an “accelerated timeline” to roll out a fix, and urged on-premises Microsoft Exchange customers to add a blocking rule in IIS Manager as a temporary mitigation.
It should be noted that Microsoft Exchange Online customers are unaffected. The steps to add the blocking rule are as follows:
1. Open IIS Manager.
2. Expand Default Web Site.
3. Select Autodiscover.
4. In Features View, click URL Rewrite.
5. In the Actions pane on the right, click Add Rule(s).
6. Select Request Blocking and click OK.
7. Add the string ".*Autodiscover\.json.*\@.*Powershell.*" (without the quotes) and click OK.
8. Expand the rule, select the rule with the pattern ".*Autodiscover\.json.*\@.*Powershell.*", and click Edit under Conditions.
9. Change the condition input from {URL} to {REQUEST_URI}.
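The same IIS Manager steps scripted with the WebAdministration module, as an added example that is not code from the article or from Microsoft; it assumes the Exchange front end is hosted under "Default Web Site", that the URL Rewrite module is installed, and the rule name is an arbitrary choice.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the article or from Microsoft): create the blocking
# rule on the Autodiscover application with the WebAdministration module.
Import-Module WebAdministration

$site     = 'IIS:\Sites\Default Web Site\Autodiscover'   # assumed site layout
$ruleName = 'BlockAutodiscoverPowershell'                 # hypothetical rule name
$pattern  = '.*Autodiscover\.json.*\@.*Powershell.*'      # string quoted in the article
$rules    = 'system.webServer/rewrite/rules'
$rule     = "$rules/rule[@name='$ruleName']"

# The rule is evaluated by the URL Rewrite module; stop if it is not installed.
if (-not (Get-WebGlobalModule -Name 'RewriteModule')) {
    throw 'IIS URL Rewrite module is not installed; install it before adding the rule.'
}

# Idempotent: leave an existing rule of the same name untouched.
if (Get-WebConfiguration -PSPath $site -Filter $rule) {
    Write-Host "Rule '$ruleName' already present, nothing to do."
    return
}

# Steps 5-6: a "Request Blocking" rule that matches every request path ...
Add-WebConfigurationProperty -PSPath $site -Filter $rules -Name '.' `
    -Value @{ name = $ruleName; stopProcessing = 'True' }
Set-WebConfigurationProperty -PSPath $site -Filter "$rule/match" -Name 'url' -Value '.*'

# Steps 7-9: ... and blocks only when the condition matches. The input is
# {REQUEST_URI} (path plus query string) rather than {URL} (path only): the
# "@" and "Powershell" parts of the pattern may sit in the query string, so a
# {URL} condition would never fire on them. This is the last step in the article.
Add-WebConfigurationProperty -PSPath $site -Filter "$rule/conditions" -Name '.' `
    -Value @{ input = '{REQUEST_URI}'; pattern = $pattern; ignoreCase = 'True' }

# Block by aborting the request instead of answering it.
Set-WebConfigurationProperty -PSPath $site -Filter "$rule/action" -Name 'type' -Value 'AbortRequest'

# Print the stored rule so it can be compared with the IIS Manager view.
Get-WebConfiguration -PSPath $site -Filter $rule | Format-List name, stopProcessing
Get-WebConfiguration -PSPath $site -Filter "$rule/conditions/add" | Format-List input, pattern
```

The pattern is the one the article quotes; compare it with Microsoft's current guidance before deploying, since a mitigation string can be revised after initial publication.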