    High-Severity 220,000 Servers Are In Danger Because Of An Attack On A Microsoft Exchange 0-Day

    By Sam Houston on October 1, 2022 Technology

    Microsoft said it is accelerating its plans to release a patch. Late Thursday, Microsoft confirmed that its Exchange application has two critical flaws that have already let hackers into multiple servers and pose a serious threat to an estimated 220,000 more around the world.

    The still-unpatched flaws have been actively exploited since early August, when Vietnam-based security firm GTSC found that customer networks had been infected with malicious web shells and traced the initial entry point to some kind of Exchange vulnerability.

    The mystery exploit looked almost exactly like ProxyShell, an Exchange zero-day from 2021, but all of the customers’ servers had already been patched against the vulnerability, which is known as CVE-2021-34473. The researchers eventually found out that the unknown hackers were taking advantage of a new Exchange vulnerability.


    Web shells, Backdoors, And Fake Sites

    In a post published on Wednesday, the researchers said, “After successfully mastering the exploit, we recorded attacks to gather information and get a foothold in the victim’s system.” “The attacking team also used different methods to make backdoors on the system that was attacked and to move laterally to other servers in the system.”

    On Thursday night, Microsoft confirmed that the holes were new and said that it was working quickly on a fix. The new bugs are CVE-2022-41040, a server-side request forgery vulnerability, and CVE-2022-41082, which allows remote code execution when PowerShell is accessible to the attacker.

    Members of the Microsoft Security Response Center wrote, “At this time, Microsoft is aware of a small number of targeted attacks that used the two vulnerabilities to get into users’ systems.” “CVE-2022-41040 makes it possible for an authenticated attacker to remotely trigger CVE-2022-41082 in these attacks.” Team members stressed that the attack only works if the attacker holds valid credentials for at least one email user on the server.


    The flaws affect on-premises Exchange servers but not Microsoft’s hosted Exchange service. The catch is that many organizations using Microsoft’s cloud service choose a hybrid option that combines on-premises hardware with hardware in the cloud, and these environments are just as vulnerable as purely on-premises ones.

    Searches on Shodan show that there are more than 200,000 on-premises Exchange servers that are open to the Internet and more than 1,000 hybrid configurations.

    High-severity Microsoft Exchange 0-day under attack threatens 220,000 servers https://t.co/pimSKo7GOA by @dangoodin001

    — Ars Technica (@arstechnica) September 30, 2022


    In a post on Wednesday, GTSC said that attackers are using the zero-day to infect servers with web shells, text interfaces that let them send commands to the compromised server. The researchers believe the attackers are Chinese speakers because the web shells use simplified Chinese characters.

    The commands sent to the web shells also bear the signature of China Chopper, a web shell often used by Chinese-speaking threat actors, including several advanced persistent threat groups known to be backed by the People’s Republic of China.

    GTSC said that the malware the threat actors ultimately install is disguised as a copy of Microsoft’s Exchange Web Service. It connects to the IP address 137.184.67.33, which is hardcoded into the binary. Kevin Beaumont, an independent researcher, said that the address hosts a fake website with only one user, who has been logged in for one minute, and that the site has only been up since August.

    The malware then sends and receives data encrypted with an RC4 key that is generated at runtime. Beaumont added that the backdoor appears to be new, meaning it has not been seen in the wild before.

    People who run Exchange servers on-premises should act right away. In particular, they should add a blocking rule that stops the server from accepting known attack patterns; the rule is applied under “IIS Manager > Default Web Site > URL Rewrite > Actions”. Until a patch is available, Microsoft also recommends blocking HTTP port 5985 and HTTPS port 5986, which attackers need in order to exploit CVE-2022-41082.
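    As an added example (not from the article, Microsoft or GTSC), the following PowerShell script checks the two interim mitigations described above on an on-premises Exchange server: it lists the URL Rewrite rules bound to the Default Web Site so an administrator can confirm the blocking rule is in place, reports whether the Remote PowerShell ports 5985 and 5986 are listening or blocked by the Windows Firewall, and defines a function that creates inbound block rules for them. The site name, firewall rule display names and function names are this example's own assumptions; it requires the IIS WebAdministration module and an elevated session on the server.

```powershell
# Added example: verify the interim Exchange 0-day mitigations on this server.
# Assumes IIS with the URL Rewrite module and a site named 'Default Web Site'.
Import-Module WebAdministration -ErrorAction Stop

function Get-ExchangeRewriteRules {
    param([string]$SiteName = 'Default Web Site')
    # Enumerate the URL Rewrite rules bound to the site. The blocking rule
    # added via IIS Manager > URL Rewrite > Actions must show up here.
    Get-WebConfiguration -Filter 'system.webServer/rewrite/rules/rule' `
        -PSPath "IIS:\Sites\$SiteName" |
        Select-Object name,
            @{Name = 'Pattern'; Expression = { $_.match.url }},
            @{Name = 'Action';  Expression = { $_.action.type }}
}

function Test-RemotePowerShellPorts {
    # CVE-2022-41082 needs Remote PowerShell. Report, for 5985 (HTTP) and
    # 5986 (HTTPS), whether anything listens and whether an enabled inbound
    # firewall rule already blocks the port.
    foreach ($port in 5985, 5986) {
        $listening = Get-NetTCPConnection -LocalPort $port -State Listen `
            -ErrorAction SilentlyContinue
        $blocked = Get-NetFirewallPortFilter -ErrorAction SilentlyContinue |
            Where-Object { $_.LocalPort -eq "$port" -and $_.Protocol -eq 'TCP' } |
            Get-NetFirewallRule |
            Where-Object { $_.Direction -eq 'Inbound' -and $_.Action -eq 'Block' -and
                           $_.Enabled -eq 'True' }
        [pscustomobject]@{
            Port      = $port
            Listening = [bool]$listening
            Blocked   = [bool]$blocked
        }
    }
}

function Block-RemotePowerShellPorts {
    # Create the inbound block rules if they are not present yet.
    # The display names below are this example's own, not Microsoft's.
    foreach ($port in 5985, 5986) {
        $name = "Block Remote PowerShell TCP $port (Exchange 0-day mitigation)"
        if (-not (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue)) {
            New-NetFirewallRule -DisplayName $name -Direction Inbound -Protocol TCP `
                -LocalPort $port -Action Block -Profile Any | Out-Null
        }
    }
}

Write-Host '== URL Rewrite rules on Default Web Site =='
Get-ExchangeRewriteRules | Format-Table -AutoSize
Write-Host '== Remote PowerShell ports 5985/5986 =='
Test-RemotePowerShellPorts | Format-Table -AutoSize
```

    The script only reports by default; run `Block-RemotePowerShellPorts` and then `Test-RemotePowerShellPorts` again to apply the port block and confirm it took effect.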

    Microsoft’s advisory has a lot of other tips for finding infections and stopping exploits until a patch is released.
