Microsoft has revealed that it is investigating two new zero-day vulnerabilities affecting the company’s Exchange Server, which is heavily targeted by hackers.
Microsoft said it is aware of limited targeted attacks using these two vulnerabilities.
The company said an attacker would need authenticated access to the vulnerable Exchange server, such as stolen credentials, to successfully exploit either of the two vulnerabilities.
“In these attacks, CVE-2022-41040 could allow an authenticated attacker to remotely trigger CVE-2022-41082. It should be noted that authenticated access to the vulnerable Exchange server is required for any vulnerability to be successfully exploited,” Microsoft said in a security update.
The company is working on an accelerated schedule to release a patch.
“Until then, we are providing the mitigation recommendations and detection guidelines below to help customers protect themselves against these attacks,” it added.
Last year, Microsoft released an emergency security update for its Exchange email and communications software after at least 30,000 organizations in the US were affected by hackers who stole email messages from their systems.
US President Joe Biden’s administration has accused China of hacking Microsoft’s Exchange email server software. Cyber attacks have affected defense contractors, higher education institutions and non-governmental organizations around the world.
Microsoft said it is monitoring new “detections of zero-day malware and will respond as necessary to protect customers.” “Exchange Online customers do not need to take any action,” it added.
https://www.news18.com/news/tech/microsoft-warns-about-hackers-exploiting-multiple-zero-day-bugs-in-exchange-server-6090289.html