Thursday, September 19, 2024

Microsoft Exchange servers hacked to deploy LockBit ransomware


Microsoft is notifying customers of a new Microsoft Exchange zero-day that attackers exploited to hijack servers and lock their users out.

Data breaches are often the work of other hacking groups and when a similar attack happened in July 2022, attackers stole more than 1.3 TB of data and encrypted critical systems for network usage.

AhnLab, whose forensic analysis experts assisted in the investigation, states that the threat actors took only a single week to take control of the AD admin account.

Android apps downloaded from Google Play are estimated to have acquired over 20 million users.

A security researcher named AhnLab published a report recently on another hacking method that the Keyhole developers had fixed in December of last year, but it’s possible someone exploited this vulnerability before these patch updates.

“There were no reported vulnerabilities related to remote commands or file creation,” AhnLab explains.

Because the WebShell application was created on July 21, it is expected that the attacker used an undisclosed zero-day vulnerability.

Microsoft is always looking for ways to improve the security of their products and services, so they are actively investigating this report. If they find evidence that the vulnerability exists or has been exploited, they will take any action necessary to protect their customers.

News of new Microsoft Exchange zero-days?

You should know that Microsoft has been working on security patches to address vulnerabilities tracked as CVE-2022-41040 and CVE-2022-41082. Microsoft is hoping to release new security updates in the near future, but they’ve been incredibly busy with bug hunting and patching lately.

“A researcher has uncovered traces pointing to a possible Labrys attack in September 2017 and the earliest attack occurred on September 28 with an unknown 3-stage bot,” AhnLab says.

“It is presumed that a different attacker used a different zero-day vulnerability.”

Regardless, there are differences in the delivery method that may not be enough evidence to prove that the attackers used a new zero-day. However, another security vendor knows of three additional undisclosed vulnerabilities in Exchange and provides protection “vaccines” installed at no cost.

Although the vulnerability itself was not discovered by a cybersecurity researcher, it was reported to Microsoft three weeks ago by Zero Day Initiative vulnerability researcher Piotr Bazydlo. It is tracked as ZDI-CAN-18881, ZDI-CAN-18882, and ZDI-CAN-18932 after its analysts validated the issue.

Undisclosed Exchange flaws

Trend Micro discovered undisclosed Exchange flaws (2017)

Trend Micro detects the exploits in real time, enabling it to protect customers from known and unknown threats. The company has full coverage on that front and is constantly finding new ways to offer protection without compromising the performance of its products.

Trend Micro Protection brings in-depth antivirus protection with malware detection and prevention. It also offers an added layer of security against an evolving problem that connects zero-day vulnerabilities to public exploits on Microsoft Exchange Server.

Microsoft has not disclosed any information regarding these three security flaws since they were reported and is yet to assign a CVE ID to track them.
