Microsoft released updates to patch these bugs a week ago, but it’s still in the hands of the end users to apply it. While they do so, researchers have noted a rise in exploitations against these bugs since September this year.
Microsoft Exchange Bugs
Microsoft Exchange is often targeted by hackers due to its popularity, and many use this server software for hosting and managing their files. Thus, any bugs found in this software are quickly exploited to take advantage. In the latest pursuit, the Vietnamese cybersecurity firm GTSC has found two critical bugs in the Microsoft Exchange software, which can be exploited by chaining them together and deploying Chinese Chopper web shells on the compromised servers. This trend has been named ProxyNotShell. These two security vulnerabilities are tracked as CVE-2022-41082 and CVE-2022-41040 and affect Microsoft Exchange Server 2013, 2016, and 2019 versions. After GTSC, several other security firms have detailed how attackers can leverage these bugs to escalate their privileges, run PowerShell commands and gain arbitrary code execution on the compromised systems. Well, realizing its potential, Microsoft released patches to these bugs in the November 2022 Patch Tuesday update and recommended users to apply immediately, as Redmond has also detected active explorations against exposed Exchange servers. Now, a security researcher going by the name Janggggg has released the proof-of-concept (POC) exploit for these two bugs, which the attackers have previously used in their campaigns to target the backdoor Exchange servers. And with several researchers warning of active exploitations in the last couple of months, it’s advised to apply the latest Microsoft update to secure your Exchange servers.