
Two Interconnected Zero Day Bugs Hit Microsoft Exchange System

Microsoft revealed on Friday that a single activity group chained together two recently discovered zero-day vulnerabilities in limited attacks against fewer than ten targets worldwide in August 2022 to gain initial access and compromise Exchange systems. The two flaws fall under the category of "zero-day" vulnerabilities, which are only found after an attacker has made use of them. The name refers to the fact that there are no days between discovery and use.

"These attacks installed the Chopper web shell to facilitate hands-on-keyboard access, which the attackers used to perform Active Directory reconnaissance and data exfiltration," the Microsoft Threat Intelligence Center (MSTIC) said in a new analysis. Microsoft added that due to the "highly privileged access Exchange systems confer upon an attacker," the weaponization of the vulnerabilities is predicted to increase over the next few days. This includes the use of ransomware.

The tech giant added that it was already looking into these attacks when the Zero Day Initiative reported the flaws to the Microsoft Security Response Center (MSRC) earlier last month on September 8–9, 2022. The tech giant attributed the ongoing attacks to a state-sponsored organisation with medium confidence.

Numerous businesses all over the world use Microsoft Exchange Server. Exchange Server enables businesses to create official email domains in their name and provide each employee with a personal official email address. The biggest danger with using such a service is that illegal access to one account could lead to other attacks that could compromise the entire business.

According to the advisory from CERT-In, which was released on Saturday, the two flaws might give a hacker access to a device and allow them to run remote code on it. Remote code refers to any code or programme that a hacker runs on a device without the owner's knowledge or agreement.
However, only someone who already has login credentials for Microsoft Exchange Server can do this; in information technology (IT), such a person is referred to as an authenticated attacker.

"An authenticated attacker could exploit these vulnerabilities by sending a specially-crafted request to the affected system. Successful exploitation of these vulnerabilities could allow an attacker to perform remote code execution on the targeted system," CERT-In’s advisory states, adding, "Note: These vulnerabilities are being exploited in the wild." The term ‘exploited in the wild’ refers to the fact that an exploit for the said vulnerability exists and is being used.

In an official update posted to its website, Microsoft acknowledged both vulnerabilities and said the first could be used to exploit the second. The tech giant added that in order to take advantage of the two vulnerabilities, an attacker would first need to get authorised access to an Exchange server. Microsoft claims that the first vulnerability enables authenticated attackers to communicate with the server by impersonating an affected machine, while the second one allows them to access and navigate between additional vulnerable devices linked to the server. Furthermore, anyone who uses email can perform this; administrator access is not required.

By Raulf Hernes
