Zero-day vulnerabilities exploited


According to Vietnam-based cybersecurity firm GTSC, new zero-day vulnerabilities in fully patched Microsoft Exchange servers are being actively exploited. The flaws were discovered in August and allow remote code execution on affected systems. Researchers suspect Chinese hackers are behind the exploitation.

Microsoft says it is working quickly to fix two zero-day exploits in Exchange Server. (Photo by Monticello/Shutterstock)

A pair of vulnerabilities, CVE-2022-41040 and CVE-2022-41082, are being actively exploited in real-world attacks in which, researchers say, attackers drop web shells and use them to move through the victim’s environment. Doing so could give the hacker a foothold on the victim’s system and, from there, the entire compromised network.

In a blog post about the exploits, Microsoft said it was actively investigating and was aware only of limited, targeted attacks that used them to penetrate users’ systems. Microsoft states that the exploit requires authenticated user credentials.

The vulnerabilities were first discovered by a team at GTSC last month during routine security monitoring and incident response work for a client. They found a number of obfuscated web shells on Exchange servers, similar to those seen with the ProxyShell exploit patched a year ago.

From the user-agent strings, the researchers determined that the attackers used Antsword, an actively maintained China-based open source, cross-platform website administration tool that supports web shell management, GTSC said in a blog post about its findings.

Are Chinese Hackers Behind the Exchange Vulnerability?

The group believes there is a high probability that a Chinese hacking group is responsible for executing this zero-day exploit, as the web shells are encoded in Simplified Chinese and the China Chopper web shell was used in these attacks. China Chopper is a lightweight backdoor that gives hackers persistent remote access to a device, buying them time to continue exploring and exploiting the system.

The China Chopper web shell was previously deployed by Hafnium, a hacking group backed by the Chinese government. Hafnium actively used it to exploit the ProxyShell vulnerability last year before Microsoft issued a patch.

In addition to dropping a web shell on IIS, GTSC discovered that these zero-day exploits can be used to inject malicious DLLs into memory and to use WMI command-line tools to drop and execute additional payloads on servers.

They believe that multiple organizations have been impacted by active campaigns using these exploits, but, because the flaws are still being actively exploited, they did not go into detail about how they are being used or which companies have been affected.

Meet ProxyNotShell

Dubbed ProxyNotShell by cybersecurity expert Kevin Beaumont, the new exploit follows the same path as ProxyShell but adds an authentication requirement. On his Medium blog, Beaumont says that organizations that do not run Exchange on-premises and do not have an internet-facing Exchange web app are not affected by the exploit.

Microsoft states that CVE-2022-41040 allows an authenticated attacker to trigger the second vulnerability, CVE-2022-41082, which affects PowerShell handlers, but because the flaws are being actively exploited, no further specific details have been made public.

In its blog post, Microsoft said it was working to accelerate the timeline for releasing fixes, announced mitigations to help organizations protect themselves from attacks, and added that detections and mitigations are already in place for Microsoft Exchange Online to protect customers. Microsoft is also monitoring these already-deployed detections for malicious activity and will take necessary responsive action to protect its customers.

Exchange Online users are not affected, but organizations running Exchange on-premises should review their settings and apply URL rewrite rules that block the exposed remote PowerShell endpoints. The current mitigation, Microsoft says, is to add a blocking rule under IIS Manager -> Default Web Site -> Autodiscover -> URL Rewrite -> Actions to block the known attack patterns.

An authenticated attacker with access to PowerShell Remoting on a vulnerable Exchange system can use CVE-2022-41082 to trigger remote code execution. Blocking the ports used for remote PowerShell can limit these attacks: block port 5985 for HTTP and port 5986 for HTTPS.
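As an added illustration, not code from the article, GTSC or Microsoft, of how a defender could hunt for the two indicators the article mentions (the Antsword user-agent string noted by GTSC, and requests that reach the Autodiscover path and target the PowerShell backend, which is what the URL rewrite mitigation is meant to block), the Python script below parses constructed IIS W3C log lines and flags both. The log excerpt, IP addresses, user name and the Autodiscover query string are all constructed assumptions; the Autodiscover/PowerShell pattern follows the general shape of Microsoft's published URL-rewrite mitigation and is my reconstruction, not text quoted from the article.

```python
import re
from dataclasses import dataclass
from typing import Iterator

# Constructed sample IIS W3C log excerpt (not real traffic). The "#Fields:"
# header is what IIS writes by default, so the parser reads the column layout
# from it instead of hard-coding positions.
SAMPLE_IIS_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) cs(Referer) sc-status sc-substatus sc-win32-status time-taken
2022-09-29 10:01:02 10.0.0.5 GET /owa/ - 443 - 198.51.100.7 Mozilla/5.0+(Windows+NT+10.0) - 200 0 0 120
2022-09-29 10:01:09 10.0.0.5 POST /autodiscover/autodiscover.json @constructed.example/powershell 443 svc_user 198.51.100.7 Mozilla/5.0+(Windows+NT+10.0) - 200 0 0 300
2022-09-29 10:02:15 10.0.0.5 POST /aspnet_client/placeholder.aspx - 443 - 198.51.100.9 antSword/v2.1 - 200 0 0 45
2022-09-29 10:03:00 10.0.0.5 GET /ecp/ - 443 - 203.0.113.4 Mozilla/5.0 - 200 0 0 80
"""

# Hypothetical detection rules. The Autodiscover/PowerShell shape mirrors the
# published URL-rewrite mitigation (autodiscover.json path, an "@" in the query,
# and "powershell") and is an assumption, not text from the article.
AUTODISCOVER_STEM = re.compile(r"autodiscover\.json", re.IGNORECASE)
POWERSHELL_IN_QUERY = re.compile(r"@.*powershell", re.IGNORECASE)
WEBSHELL_CLIENT_UA = re.compile(r"antsword", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    line_no: int
    rule: str
    client_ip: str
    detail: str


def parse_iis_log(text: str) -> Iterator[tuple[int, dict[str, str]]]:
    """Yield (line_number, record) for each data line, naming columns from the #Fields header."""
    headers: list[str] = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        if line.startswith("#Fields:"):
            headers = line.split()[1:]
            continue
        if not line or line.startswith("#"):
            continue
        values = line.split(" ")
        if not headers or len(values) != len(headers):
            continue  # malformed or pre-header line: skip rather than misalign columns
        yield line_no, dict(zip(headers, values))


def scan_iis_log(text: str) -> list[Finding]:
    """Return one Finding per rule hit, in log order."""
    findings: list[Finding] = []
    for line_no, rec in parse_iis_log(text):
        stem, query = rec["cs-uri-stem"], rec["cs-uri-query"]
        ua, ip = rec["cs(User-Agent)"], rec["c-ip"]
        # Rule 1: Autodiscover request whose query routes to the PowerShell backend.
        if AUTODISCOVER_STEM.search(stem) and POWERSHELL_IN_QUERY.search(query):
            findings.append(Finding(line_no, "autodiscover-powershell", ip, f"{stem}?{query}"))
        # Rule 2: web shell management client identified by its user-agent string.
        if WEBSHELL_CLIENT_UA.search(ua):
            findings.append(Finding(line_no, "webshell-client-ua", ip, ua))
    return findings


if __name__ == "__main__":
    for f in scan_iis_log(SAMPLE_IIS_LOG):
        print(f"line {f.line_no}: {f.rule} from {f.client_ip}: {f.detail}")
```

Run against real logs by passing the contents of the IIS log directory for the Default Web Site to scan_iis_log; a hit on the first rule is a candidate for the URL rewrite block described above, while a hit on the second warrants pulling the requested .aspx file for web shell triage.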
