ACSC flags Microsoft Exchange vulnerabilities

The Australian Cyber Security Centre (ACSC) has reported two new zero-day vulnerabilities in Microsoft Exchange Servers 2013, 2016, 2019.

Microsoft published a list of the common vulnerabilities and exposures (CVEs), assigned to:

CVE-2022-41082 – remote code execution vulnerability
CVE-2022-41040 – elevation of privilege vulnerability

Also noted are Historical CVEs related to ProxyShell, including:

CVE-2021-34473 – pre-auth path confusion leads to ACL bypass (patched in April by KB5001779).
CVE-2021-34523 – elevation of privilege on exchange powerShell backend (patched in April by KB5001779).
CVE-2021-31207 – post-auth arbitrary-file-write leads to RCE (patched in May by KB5003435).

Organisations are being urged to deploy mitigations, particularly those who have already suffered breaches. The advice is calling to search for post-exploitation activity including deployment of webshells.

The ACSC is not yet aware of successful exploitation in Australia and has advised stakeholders to monitor the situation. Impacted organisations have been encouraged to report any incidents to the agency.

Find out how Acurus can protect your organisation from vulnerabilities, contact us today.

Services

Case Studies

Retail

OfficeWorks

Cotton On

Bakers Delight

Utilities

Hydro Tasmania

Lumo Energy

Tomi Broadband

Kiwi Energy

Health and Insurance

Kure Medical Solutions

Tristar Medical Group

Crawford and Company

Government

Cardinia Shire Council

Placeright

Mallee District Aboriginal Services

Financial and Law

Money3

Other Industries

Actrol

Serviceworks

InterfaceIT

ACSC Flags Microsoft Exchange Vulnerabilities

Contact