• Microsoft Exchange server zero-day mitigation can be bypassed




    Microsoft has shared mitigations for two new Microsoft Exchange zero-day vulnerabilities tracked as CVE-2022-41040 and CVE-2022-41082, but researchers warn that the mitigation for on-premise servers is far from enough.

    Threat actors are already chaining both of these zero-day bugs in active attacks to breach Microsoft Exchange servers and achieve remote code execution.

    Both security flaws were reported privately through the Zero Day Initiative program about three weeks ago by Vietnamese cybersecurity company GTSC, who shared the details publicly last week.

    As part of an advisory, Microsoft shared mitigations for on-premise servers and a strong recommendation for Exchange Server customers to “disable remote PowerShell access for non-admin users” in the organization.

    Security researcher Jang in a tweet today shows that Microsoft’s temporary solution for preventing the exploitation of CVE-2022-41040 and CVE-2022-41082 is not efficient and can be bypassed with little effort.

    Will Dormann, a senior vulnerability analyst at ANALYGENCE, agrees with the finding and says that the ‘@’ in Microsoft’s URL block “seems unnecessarily precise, and therefore insufficient.”

    • This topic was modified 2 months ago by Alex5723.

      Instead of the URL block that Microsoft put forward, Jang provided a less specific alternative, designed to cover a wider set of attacks:

      October 4, 2022 updates:
      Important updates have been made to the Mitigations section improving the URL Rewrite rule. Customers should review the Mitigations section and apply one of these updated mitigation options:

      Option 1: The EEMS rule is updated and is automatically applied.
      Option 2: The previously provided EOMTv2 script has been updated to include the URL Rewrite improvement.
      Option 3: The URL Rewrite rule instructions have been updated. The string in step 6 and step 9 has been revised. Steps 8, 9, and 10 have updated images.

      Customer Guidance for Reported Zero-day Vulnerabilities in Microsoft Exchange Server
      [Microsoft Security Response Center]

      Windows 11 Pro version 22H2 build 22621.900 + Microsoft 365/Edge
