Hackers exploiting 2 new zero-day bugs in Exchange Server: Microsoft - New Delhi News
by IANS | Updated Oct 01, 2022
Microsoft said it is aware of limited targeted attacks using these two vulnerabilities.
The company said an attacker would need authenticated access to the vulnerable Exchange Server, such as stolen credentials, to successfully exploit either of the two vulnerabilities.
"In these attacks, CVE-2022-41040 can enable an authenticated attacker to remotely trigger CVE-2022-41082. It should be noted that authenticated access to the vulnerable Exchange Server is necessary to successfully exploit either vulnerability," Microsoft said in a security update.
The company was working on an accelerated timeline to release a fix.
"Until then, we're providing mitigations and the detection guidance below to help customers protect themselves from these attacks," it added.
Last year, Microsoft released an emergency security update for its Exchange email and communications software as at least 30,000 organisations across the US were hit by hackers who stole email communications from their systems.
US President Joe Biden's administration had blamed China for the Microsoft Exchange email server software hacking.
The cyber attacks hit defence contractors, higher education institutions and nongovernmental organisations around the world.
Microsoft said that it was monitoring new zero-day "detections for malicious activity and we'll respond accordingly if necessary to protect customers".
"Exchange Online customers do not need to take any action," it added.