More Microsoft Exchange zero days exploited in the wild TechRadar


By Sead Fadilpašić, published 3 October 2022

Researchers believe Chinese hackers are exploiting the flaws

Two more zero-day vulnerabilities found in different versions of Microsoft Exchange Server are being exploited in the wild, the company has confirmed.

According to recent customer guidance that Microsoft released for reported zero days, a server-side request forgery (SSRF) flaw and a remote code execution (RCE) flaw were identified as being used by threat actors. The vulnerabilities were present in Microsoft Exchange Server 2013, 2016, and 2019 endpoints.

Chained flaws

"The first vulnerability, identified as CVE-2022-41040, is a Server-Side Request Forgery (SSRF) vulnerability, while the second, identified as CVE-2022-41082, allows remote code execution (RCE) when PowerShell is accessible to the attacker," Microsoft explained. "At this time, Microsoft is aware of limited targeted attacks using the two vulnerabilities to get into users' systems."

Exploiting the SSRF flaw isn't straightforward, though: the attack can only be carried out by an attacker who has authenticated to the target system. Only then can they go on to exploit the RCE flaw.

What's more, Exchange Online users are not exposed to any risks, the company confirmed, as its security team has already put detections and mitigations in place.

"Microsoft is also monitoring these already deployed detections for malicious activity and will take necessary response actions to protect customers," the company added. "We are working on an accelerated timeline to release a fix."

While Microsoft did not say who might be exploiting these flaws right now, BleepingComputer found GTSC, a Vietnamese cybersecurity firm, laying the blame on a Chinese threat actor. Apparently, the zero-days were being used to deploy China Chopper web shells for persistence, as well as for data exfiltration.

The same company also published mitigation measures that Microsoft subsequently confirmed.

"On premises Microsoft Exchange customers should review and apply the following URL Rewrite Instructions and block exposed Remote PowerShell ports," Microsoft said. "The current mitigation is to add a blocking rule in 'IIS Manager -> Default Web Site -> Autodiscover -> URL Rewrite -> Actions' to block the known attack patterns."

Via: BleepingComputer