A few days ago there was a piece of news that greatly concerned users who use Microsoft Exchange. Apparently, two vulnerabilities have been detected that allow the entry of hackers whose intention is to introduce viruses and infect servers with malicious software. Right now we are working against the clock to resolve this situation in the shortest time possible. Well, many companies are at risk.
What are these two vulnerabilities?
Both vulnerabilities that have been discovered in Microsoft Exchange are recent and are named CVE-2022-41040 and CVE-2022-41082. In the first case, the vulnerability affects server request forgery allowing hackers to remotely execute code and this triggers the second vulnerability. This makes it easy for these people to access Exchange Powershell without barriers.
At first the attacks were timid and restrained, affecting less than 10 companies worldwide, according to data from Microsoft itself. However, the situation began to become more critical, since this was mere maneuvers to break down, with increasingly better success rates, the protections that Microsoft Exchange has. Given this, they have begun to take measures to defend themselves.
The problem is with the on-premises Exchange servers
It is important to clarify that these two vulnerabilities that are affecting Microsoft Exchange are only affecting its local servers., not in the service that is hosted by Microsoft. In addition, much emphasis has been placed on how vulnerable organizations that opt to combine local hardware with the cloud are to this type of attack. This increases the risk of vulnerability.
But besides this, it is crucial to be especially careful with the security measures adopted to protect against this type of vulnerability. Hackers must obtain the credentials to be able to circumvent all the barriers that exist when accessing local servers and this can be achieved through messages or sendings from fake fraudulent sites to email. Therefore, caution is advised.
What solutions is Microsoft Exchange considering?
Microsoft Exchange has been working since Thursday on the design and development of a new patch that can offer security to organizations to defend against these two vulnerabilities that it has just detected. However, this will not be immediate, so, although all efforts are being put on the table, the creation of a successful patch requires time and tests to verify its effectiveness.
That’s why, From Microsoft they have recommended that organizations that work with local Exchange servers block HTTPS ports 5985 and 5986 which are what hackers are using to access the mentioned vulnerabilities. Also, it is worth remembering all the security measures so as not to click on suspicious websites that may contain threats and put the servers at risk.
According to the study The state of cybersecurity in Spain, up to 94% of companies in Spain suffered, in 2021, a security problem. As we realize, not even companies like Microsoft Exchange are protected against this. Every year, new vulnerabilities appear that we must try to stop. It is not an easy job, but it is possible to limit its consequences by detecting it early.
