Vulnerability tricks researchers by mimicking old threats

Cybersecurity researchers have discovered a new zero-day vulnerability that has surfaced in Microsoft’s Exchange email servers and has already been exploited by bad actors. The yet-to-be-named vulnerability has been detailed by cybersecurity vendor GTSC, though information about the exploit is still being collected. It is considered a “zero-day” vulnerability due to the fact that public access to the flaw was apparent before a patch could be made available.


There are reports emerging that a new zero day exists in Microsoft Exchange, and is being actively exploited in the wild. I can confirm significant numbers of Exchange servers have been backdoored – including a honeypot. Thread to track issue follows:

— Kevin Beaumont (@GossiTheDog) September 29, 2022

News of the vulnerability was first submitted to Microsoft through its Zero Day Initiative program last Thursday, September 29. The report detailed that exploitation of the two flaws, CVE-2022-41040 and CVE-2022-41082, “could allow an attacker the ability to perform remote code execution on affected Microsoft Exchange servers,” according to Trend Micro. Microsoft stated on Friday that it was “working on an accelerated timeline” to address the zero-day vulnerability and create a patch. However, researcher Kevin Beaumont confirmed on Twitter that the flaw has already been used by nefarious players to gain access to the back ends of several Exchange servers.

With exploitation already in the wild, there are ample opportunities for businesses and government entities to be attacked by bad actors. This is because Exchange servers rely upon the internet, and cutting those connections would sever productivity for many organizations, Travis Smith, vice president of malware threat research at Qualys, told Protocol. While the exact details of how CVE-2022-41040 and CVE-2022-41082 work are not yet known, several researchers noted similarities to other vulnerabilities.

These include the Apache Log4j flaw and the “ProxyShell” vulnerability, both of which enabled remote code execution. In fact, several researchers mistook the new vulnerability for ProxyShell until it became clear that the affected servers were fully patched against the old flaw. This established that CVE-2022-41040 and CVE-2022-41082 are completely new, never-before-seen vulnerabilities.

The CVE-2022-41040 and CVE-2022-41082 zero-day vulnerabilities were discovered within Microsoft Exchange email servers later Thursday.

“If that is true, what it tells you is that even some of the security practices and procedures that are being used today are falling short.

They get back to the inherent vulnerabilities in the code and the software that are foundational to this IT ecosystem,” Roger Cressey, former member of cybersecurity and counterterrorism for the Clinton and Bush White Houses, told Digital Trends. “If you have a dominant position in the market, then you end up whenever there’s an exploitation you think you’ve solved but it turns out there are other ones associated with it that pop up when you least expect it. And Exchange is not exactly the poster child for what I would call a secure, a secure offering,” he added.

Malware and zero-day vulnerabilities are a fairly consistent reality for all technology companies. However, Microsoft has refined its ability to identify and remediate issues and to make patches available for vulnerabilities in the aftermath of an attack. According to the CISA vulnerabilities catalog, Microsoft products have been subject to 238 cybersecurity deficiencies since the beginning of the year, which accounts for 30% of all discovered vulnerabilities.

The catalog also lists attacks against other major technology brands, including Apple iOS, Google Chrome, Adobe Systems, and Linux, among many others. “There are a lot of technology IT companies that have zero days that are discovered and are exploited by adversaries. The problem is Microsoft has been so successful at dominating the marketplace that when their vulnerabilities are discovered, the cascading impact that it has in terms of scale and reach is incredibly big.

And so when Microsoft sneezes, the critical infrastructure world catches a bad cold and that seems to be a repeating process here,” Cressey said. One such zero-day vulnerability that was resolved earlier this year was Follina (CVE-2022-30190), which let attackers abuse the Microsoft Support Diagnostic Tool (MSDT). This tool is commonly associated with Microsoft Office and Microsoft Word.

Hackers were able to exploit it to gain access to a computer’s back end, granting them permission to install programs, create new user accounts, and manipulate data on a device.

Early reports of the vulnerability’s existence were addressed with workarounds.

However, Microsoft stepped in with a permanent software fix once hackers began to use the information they gathered to target the Tibetan diaspora and U.S. and E.U. government agencies.
