ACSC flags Microsoft Exchange vulnerabilities
The Australian Cyber Security Centre (ACSC) has reported two new zero-day vulnerabilities in Microsoft Exchange Servers 2013, 2016, 2019.
Microsoft published a list of the common vulnerabilities and exposures (CVEs), assigned to:
- CVE-2022-41082 – remote code execution vulnerability
- CVE-2022-41040 – elevation of privilege vulnerability
Also noted are Historical CVEs related to ProxyShell, including:
- CVE-2021-34473 – pre-auth path confusion leads to ACL bypass (patched in April by KB5001779).
- CVE-2021-34523 – elevation of privilege on exchange powerShell backend (patched in April by KB5001779).
- CVE-2021-31207 – post-auth arbitrary-file-write leads to RCE (patched in May by KB5003435).
Organisations are being urged to deploy mitigations, particularly those who have already suffered breaches. The advice is calling to search for post-exploitation activity including deployment of webshells.
The ACSC is not yet aware of successful exploitation in Australia and has advised stakeholders to monitor the situation. Impacted organisations have been encouraged to report any incidents to the agency.
Find out how Acurus can protect your organisation from vulnerabilities, contact us today.