Reliable sources suggest that Microsoft Corporation is actively developing a patch for two zero-day vulnerabilities that have compromised the safety of its Exchange Server.
The flaws, dubbed CVE-2022-41082 and CVE-2022-41040, were first discovered by the Vietnam-based cybersecurity firm GTSC. Microsoft recently confirmed the existence of these flaws, stating that a small number of targeted attacks are likely to affect Microsoft Exchange Server 2013, 2016, and 2019.
However, the company further stated that the bugs are less severe thanks to the PowerShell Authentication feature, which was initially released as a countermeasure against the ProxyShell vulnerabilities that were widely abused in 2021.
Initial observations in GTSC's security advisory revealed that the attack targeted critical infrastructure through Microsoft's Exchange Server.
Reportedly, CVE-2022-41040 is a server-side request forgery (SSRF) vulnerability. When CVE-2022-41082 is triggered, on the other hand, the bug can lead to remote code execution (RCE).
After this discovery, GTSC immediately informed Trend Micro's Zero Day Initiative (ZDI) division of the issue; after verification, a full-fledged analysis was launched by the Microsoft Security Response Center (MSRC) and later published.
Microsoft is of the opinion that fewer than 10 organizations across the globe have been affected by this issue, which points to a clear agenda on the part of a state-sponsored organization.
Siding with the corporation's claims, researchers from GTSC have confirmed that there is proof that a Chinese threat group is capitalizing on the gateway provided by Antsword, a cross-platform website management suite developed in China that advertises web-shell management functionality.
In addition to confirming the existence of the aforementioned flaws, Microsoft has released a list of measures that users have to undertake to mitigate the impact.
The company has reportedly urged its users to disable PowerShell access for non-administrators immediately and to enable the Exchange Emergency Mitigation Service (EEMS), which then applies further restrictions to fortify the safety of users on the platform.
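One way to apply the first of those measures, shown here as an added example written for this page rather than code published by Microsoft or GTSC: it runs in the Exchange Management Shell, treats members of the assumed role groups "Organization Management" and "Server Management" as the administrators to keep, and switches off remote PowerShell for everyone else.

```powershell
# Added example (not Microsoft's or GTSC's code). Run in the Exchange
# Management Shell on an on-premises Exchange Server.
# Assumption: administrators are the members of these role groups; adjust
# the list to match your organization before running.
$adminGroups = @('Organization Management', 'Server Management')

# Collect the names of every member of the admin role groups.
$admins = foreach ($group in $adminGroups) {
    Get-RoleGroupMember -Identity $group -ErrorAction SilentlyContinue |
        Select-Object -ExpandProperty Name
}

# Users who currently have remote PowerShell enabled and are not admins.
$targets = Get-User -ResultSize Unlimited |
    Where-Object { $_.RemotePowerShellEnabled -and ($admins -notcontains $_.Name) }

Write-Host ("Remote PowerShell will be disabled for {0} non-admin users" -f $targets.Count)

# Dry run first: -WhatIf reports the changes without applying them.
# Remove -WhatIf once the list above has been reviewed.
$targets | Set-User -RemotePowerShellEnabled $false -WhatIf
```

Re-run `Get-User -ResultSize Unlimited | Where-Object { $_.RemotePowerShellEnabled }` afterwards to confirm that only the intended administrators retain remote PowerShell access.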