Good news!
Microsoft may not yet have released a proper patch for the two new zero-day vulnerabilities that have been exploited in “limited targeted attacks” against Microsoft Exchange users, but it has published mitigations which can help protect your organisation.
Bad news!
Security researchers have found Microsoft’s mitigations can be bypassed.
Here’s a video from researcher Will Dormann where he offers a demonstration of how it’s possible to waltz around the CVE-2022-41040 and CVE-2022-41082 vulnerability mitigations has offered.
However, there’s additional good news in that it is not possible for an unauthenticated user to exploit the security holes remotely, meaning that any hacker who wants to attack your on-premises Exchange server will need to have already broken into one of your users’ accounts, or for a user who is connected to Exchange to have had their computer infected by malware that exploits the flaw.
Furthermore, reports so far have suggested that the attacks have relied upon PowerShell commands being triggered, and so blocking TCP ports 5985 and 5986 on your Exchange server will limit the possibility of attacks.
All the same, good news and bad news aside, it would be great if Microsoft could release a proper working security patch as soon as possible.
Found this article interesting? Follow Graham Cluley on Twitter or Mastodon to read more of the exclusive content we post.
