New York Tech Media
  • News
  • FinTech
  • AI & Robotics
  • Cybersecurity
  • Startups & Leaders
  • Venture Capital
No Result
View All Result
  • News
  • FinTech
  • AI & Robotics
  • Cybersecurity
  • Startups & Leaders
  • Venture Capital
No Result
View All Result
New York Tech Media
No Result
View All Result
Home Cybersecurity

MS Exchange zero-days: The calm before the storm?

New York Tech Editorial Team by New York Tech Editorial Team
October 3, 2022
in Cybersecurity
0
MS Exchange zero-days: The calm before the storm?
Share on FacebookShare on Twitter

CVE-2022-41040 and CVE-2022-41082, the two exploited MS Exchange zero-days that still have no official fix, have been added to CISA’s Known Exploited Vulnerabilities (KEV) Catalog.

MS Exchange CVE-2022-41040 CVE-2022-41082

But mitigating the risk of exploitation until patches are ready will require patience and doggedness, as Microsoft is still revising its advice to admins and network defenders, and still working on the patches.

Exchange zero-days: The current situation

CVE-2022-41040 and CVE-2022-41082 have been publicly documented last Wednesday, by researchers with Vietnamese company GTSC, and Microsoft soon after sprung into (discernible) action by offering customer guidance, followed by an analysis of the attacks exploiting the two vulnerabilities.

Several changes have been made to the documents since then, after the company found and other researchers pointed out several shortcomings:

T’is fixed, hoorah. https://t.co/BxQFs4iMZy

— Kevin Beaumont (@GossiTheDog) October 1, 2022

For the record this is the section Microsoft removed from the ProxyNotShell blog, and didn’t document they had removed it.

If you made firewall changes to prevent RCE, it didn’t work. https://t.co/p2ClqcLyZE pic.twitter.com/rxokkWz4xz

— Kevin Beaumont (@GossiTheDog) October 1, 2022

And the problems are far from over – defenders should expect more changes soon:

If you are relying on the MS mitigation for #ProxyNotShell, it doesn’t work, I’ve verified. MS might want to read the Exchange source code. https://t.co/5ZYrvUTI8q

— Kevin Beaumont (@GossiTheDog) October 3, 2022

That last tweet refers to the PowerShell script delivering mitigation via the Exchange Emergency Mitigation (EM) service.

What should you do?

Microsoft says its threat analysts observed “activity related to a single activity group in August 2022 that achieved initial access and compromised Exchange servers by chaining CVE-2022-41040 and CVE-2022-41082 in a small number of targeted attacks,” and that the attackers breached fewer than 10 organizations globally.

“MSTIC assesses with medium confidence that the single activity group is likely to be a state-sponsored organization,” they added.

The other good news is there are still no public exploits for the two vulnerabilities.

But, Microsoft says, “Prior Exchange vulnerabilities that require authentication have been adopted into the toolkits of attackers who deploy ransomware, and these vulnerabilities are likely to be included in similar attacks due to the highly privileged access Exchange systems confer onto an attacker.”

Enterprise defenders should expect trouble via this attack path in the near future, it seems, so keeping abreast of the changing situation and springing into action as quickly as possible once the patches are made available is advised.


Credit: Source link

Previous Post

Fraud prevention in the cost of living crisis

Next Post

Stretchy, Wearable Synaptic Transistor Turns Robotics Smarter

New York Tech Editorial Team

New York Tech Editorial Team

New York Tech Media is a leading news publication that aims to provide the latest tech news, fintech, AI & robotics, cybersecurity, startups & leaders, venture capital, and much more!

Next Post
Stretchy, Wearable Synaptic Transistor Turns Robotics Smarter

Stretchy, Wearable Synaptic Transistor Turns Robotics Smarter

  • Trending
  • Comments
  • Latest
Meet the Top 10 K-Pop Artists Taking Over 2024

Meet the Top 10 K-Pop Artists Taking Over 2024

March 17, 2024
Panther for AWS allows security teams to monitor their AWS infrastructure in real-time

Many businesses lack a formal ransomware plan

March 29, 2022
Zach Mulcahey, 25 | Cover Story | Style Weekly

Zach Mulcahey, 25 | Cover Story | Style Weekly

March 29, 2022
How To Pitch The Investor: Ronen Menipaz, Founder of M51

How To Pitch The Investor: Ronen Menipaz, Founder of M51

March 29, 2022
Japanese Space Industry Startup “Synspective” Raises US $100 Million in Funding

Japanese Space Industry Startup “Synspective” Raises US $100 Million in Funding

March 29, 2022
UK VC fund performance up on last year

VC-backed Aerium develops antibody treatment for Covid-19

March 29, 2022
Startups On Demand: renovai is the Netflix of Online Shopping

Startups On Demand: renovai is the Netflix of Online Shopping

2
Robot Company Offers $200K for Right to Use One Applicant’s Face and Voice ‘Forever’

Robot Company Offers $200K for Right to Use One Applicant’s Face and Voice ‘Forever’

1
Menashe Shani Accessibility High Tech on the low

Revolutionizing Accessibility: The Story of Purple Lens

1

Netgear announces a $1,500 Wi-Fi 6E mesh router

0
These apps let you customize Windows 11 to bring the taskbar back to life

These apps let you customize Windows 11 to bring the taskbar back to life

0
This bipedal robot uses propeller arms to slackline and skateboard

This bipedal robot uses propeller arms to slackline and skateboard

0
Eldad Tamir

AI vs. Traditional Investing: How FINQ’s SEC RIA License Signals a New Era in Wealth Management

March 17, 2025
Overcoming Payment Challenges: How Waves Audio Streamlined Transactions with BridgerPay

Overcoming Payment Challenges: How Waves Audio Streamlined Transactions with BridgerPay

March 16, 2025
Arvatz and Iyer

PointFive and Emertel Forge Strategic Partnership to Elevate Enterprise FinOps in ANZ

March 13, 2025
Canditech website

Canditech is Revolutionizing Hiring With Their New Product

March 9, 2025
Magnus Almqvist, new CEO of Exberry

Exberry Appoints Magnus Almqvist as CEO to Drive Next Phase of Strategic Growth

March 5, 2025
Expert Family Law Firms in New York: Your Essential Guide to Legal Help

Expert Family Law Firms in New York: Your Essential Guide to Legal Help

March 3, 2025

Recommended

Eldad Tamir

AI vs. Traditional Investing: How FINQ’s SEC RIA License Signals a New Era in Wealth Management

March 17, 2025
Overcoming Payment Challenges: How Waves Audio Streamlined Transactions with BridgerPay

Overcoming Payment Challenges: How Waves Audio Streamlined Transactions with BridgerPay

March 16, 2025
Arvatz and Iyer

PointFive and Emertel Forge Strategic Partnership to Elevate Enterprise FinOps in ANZ

March 13, 2025
Canditech website

Canditech is Revolutionizing Hiring With Their New Product

March 9, 2025

Categories

  • AI & Robotics
  • Benzinga
  • Cybersecurity
  • FinTech
  • New York Tech
  • News
  • Startups & Leaders
  • Venture Capital

Tags

3D bio-printing acoustic AI Allseated B2B marketing Business carbon footprint climate change coding Collaborations Companies To Watch consumer tech cryptocurrency deforestation drones earphones Entrepreneur Fetcherr Finance Fintech food security Investing Investors investorsummit israelitech Leaders LinkedIn Leaders Metaverse news OurCrowd PR Real Estate reforestation software start- up startupnation Startups Startups On Demand startuptech Tech Tech leaders technology UAVs Unlimited Robotics VC
  • Contact Us
  • Privacy Policy
  • Terms and conditions

© 2024 All Rights Reserved - New York Tech Media

No Result
View All Result
  • News
  • FinTech
  • AI & Robotics
  • Cybersecurity
  • Startups & Leaders
  • Venture Capital

© 2024 All Rights Reserved - New York Tech Media