Two new Exchange zero-day flaws are under attack, but Microsoft has no imminent cure.

By Shivesh Kumar image source = google

Microsoft said hackers are exploiting two unpatched Exchange Server zero-day vulnerabilities.

[{"selector":"#anim-e7511751-354a-4fab-b58e-41367f2d9294","keyframes":[{"offset":0,"transform":"translate3d(0, -546.79852%, 0)","easing":"cubic-bezier(.5, 0, 1, 1)"},{"offset":0.29,"transform":"translate3d(0, 0%, 0)","easing":"cubic-bezier(0, 0, .5, 1)"},{"offset":0.45,"transform":"translate3d(0, -153.75974382400003%, 0)","easing":"cubic-bezier(.5, 0, 1, 1)"},{"offset":0.61,"transform":"translate3d(0, 0%, 0)","easing":"cubic-bezier(0, 0, .5, 1)"},{"offset":0.71,"transform":"translate3d(0, -52.27393851200001%, 0)","easing":"cubic-bezier(.5, 0, 1, 1)"},{"offset":0.8,"transform":"translate3d(0, 0%, 0)","easing":"cubic-bezier(0, 0, .5, 1)"},{"offset":0.85,"transform":"translate3d(0, -19.630066868000004%, 0)","easing":"cubic-bezier(.5, 0, 1, 1)"},{"offset":0.92,"transform":"translate3d(0, 0%, 0)","easing":"cubic-bezier(0, 0, .5, 1)"},{"offset":0.96,"transform":"translate3d(0, -8.530056912000001%, 0)","easing":"cubic-bezier(.5, 0, 1, 1)"},{"offset":1,"transform":"translate3d(0, 0%, 0)","easing":"cubic-bezier(0, 0, .5, 1)"}],"delay":0,"duration":1600,"fill":"both"}] By Shivesh Kumar image source = google

GTSC found the issues while responding to a customer's cybersecurity problem.

[{"selector":"#anim-c3ba16f5-3f56-4a7a-916c-3922382fb504","keyframes":{"opacity":[0,1]},"delay":0,"duration":600,"easing":"cubic-bezier(0.4, 0.4, 0.0, 1)","fill":"both"}] [{"selector":"#anim-3e5a0ed6-4a7f-4901-80b2-e7382528595c [data-leaf-element=\"true\"]","keyframes":{"transform":["translate(-7.808777411688659%, 0%) scale(1.5)","translate(0%, 0%) scale(1)"]},"delay":0,"duration":2000,"easing":"cubic-bezier(.3,0,.55,1)","fill":"forwards"}] By Shivesh Kumar image source = google

The two zero-days were exploited in attacks on customers' environments in early August 2022.

[{"selector":"#anim-6dfa9495-ac5b-4bf2-8c5a-8145ce46314e","keyframes":{"opacity":[0,1]},"delay":0,"duration":600,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-50bd927e-4e1d-4d03-a359-ed960de10db8","keyframes":{"transform":["translate3d(0px, -496.26742%, 0)","translate3d(0px, 0px, 0)"]},"delay":0,"duration":600,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-9a6d4da4-a71a-4148-87d7-d6f9bdff0373 [data-leaf-element=\"true\"]","keyframes":{"transform":["translate3d(8.703580930214695%, 0, 0) translate(25%, 0%) scale(1.5)","translate3d(0%, 0, 0) translate(0%, 0%) scale(1)"]},"delay":0,"duration":2000,"easing":"cubic-bezier(.14,.34,.47,.9)","fill":"forwards"}] By Shivesh Kumar image source = google

Microsoft's Security Response Center (MRSC) listed the two vulnerabilities as CVE-2022-41040 and CVE-2022-41082.

[{"selector":"#anim-a4b8054d-04f1-48d5-93e5-66e582f00cfc","keyframes":{"opacity":[0,1]},"delay":0,"duration":600,"easing":"cubic-bezier(0.4, 0.4, 0.0, 1)","fill":"both"}] [{"selector":"#anim-23d3b0d1-06b4-4399-8967-715ed961df36 [data-leaf-element=\"true\"]","keyframes":{"transform":["translate3d(0%, 0, 0)","translate3d(0%, 0, 0)"]},"delay":0,"duration":2000,"easing":"cubic-bezier(.3,0,.55,1)","fill":"both"}] By Shivesh Kumar image source = google

6

[{"selector":"#anim-863da9e9-1db2-49cf-906e-f5dea57f6866 [data-leaf-element=\"true\"]","keyframes":{"transform":["translate3d(-19.198422790485655%, 0, 0)","translate3d(0%, 0, 0)"]},"delay":0,"duration":2000,"easing":"cubic-bezier(.3,0,.55,1)","fill":"both"}] [{"selector":"#anim-ecf7c7bd-df18-4e2f-af08-76d645c5326d","keyframes":{"transform":["translate3d(-125.09091%, 0px, 0)","translate3d(0px, 0px, 0)"]},"delay":0,"duration":1000,"easing":"cubic-bezier(.2, 0, .8, 1)","fill":"both"}] [{"selector":"#anim-0d22cb97-6876-4bf3-9329-066ba18cfdc6","keyframes":{"transform":["rotateZ(-180deg)","rotateZ(0deg)"]},"delay":0,"duration":1000,"easing":"cubic-bezier(.2, 0, .5, 1)","fill":"forwards"}] 1. PowerShell access permits remote code execution on a vulnerable server. By Shivesh Kumar image source = google

Microsoft has confirmed limited targeted attacks leveraging the two vulnerabilities.

[{"selector":"#anim-ec5cc303-5407-4a48-b67e-1735e9c65616 [data-leaf-element=\"true\"]","keyframes":{"transform":["translate(24.980500809385852%, 0%) scale(1.5)","translate(0%, 0%) scale(1)"]},"delay":0,"duration":2000,"easing":"cubic-bezier(.3,0,.55,1)","fill":"forwards"}] [{"selector":"#anim-d1ee1d26-d3d8-44a7-9ef2-8e2eb2639205","keyframes":{"opacity":[0,1]},"delay":0,"duration":2000,"easing":"cubic-bezier(.3,0,.55,1)","fill":"both"}] [{"selector":"#anim-1757beb1-fec2-4ab8-938e-c5ca2d098807","keyframes":{"transform":["scale(0.3333333333333333)","scale(1)"]},"delay":0,"duration":2000,"easing":"cubic-bezier(.3,0,.55,1)","fill":"forwards"}] By Shivesh Kumar image source = google

Microsoft hasn't provided any specifics on the assaults and refuses to comment.

[{"selector":"#anim-ba0a3967-28e8-4b0f-950d-cbb7a278d98a [data-leaf-element=\"true\"]","keyframes":{"transform":["translate(0%, 0%) scale(1.5)","translate(0%, 0%) scale(1)"]},"delay":0,"duration":2000,"easing":"cubic-bezier(.3,0,.55,1)","fill":"forwards"}] [{"selector":"#anim-e0043acc-b41c-4b28-bf1c-e010106e05f7","keyframes":{"opacity":[0,1]},"delay":0,"duration":2000,"easing":"cubic-bezier(.3,0,.55,1)","fill":"both"}] [{"selector":"#anim-aac3285d-b6c1-4bff-ae5b-39ba1c214def","keyframes":{"transform":["scale(0.3333333333333333)","scale(1)"]},"delay":0,"duration":2000,"easing":"cubic-bezier(.3,0,.55,1)","fill":"forwards"}] By Shivesh Kumar image source = google