
Microsoft finally patched serious Exchange 0-day over a month old!

Posted on November 9, 2022 / November 17, 2022 by rich
Cyber Security

Yesterday, Microsoft finally released their patches for the Exchange 0-day exploits that were made public back in September 2022, going by the names of CVE-2022-41040 and CVE-2022-41082.

The full list of patched vulnerabilities is:

  • CVE-2022-41040 – Microsoft Exchange Server Elevation of Privilege Vulnerability
  • CVE-2022-41082 – Microsoft Exchange Server Elevation of Privilege Vulnerability
  • CVE-2022-41078 – Microsoft Exchange Server Elevation of Privilege Vulnerability
  • CVE-2022-41123 – Microsoft Exchange Server Elevation of Privilege Vulnerability
  • CVE-2022-41079 – Microsoft Exchange Server Elevation of Privilege Vulnerability
  • CVE-2022-41080 – Microsoft Exchange Server Elevation of Privilege Vulnerability

The exploits forced IT teams across the globe to quickly mitigate the vulnerabilities, only to find that several iterations of the mitigation were themselves flawed and had to be modified several times to prevent attackers from bypassing it.

Microsoft seems to have taken a very relaxed approach to this 0-day, as if on-premises servers are not their focus anymore. IT teams have had to wait over a month for a patch to a vulnerability chain that could lead to a remote code execution attack.

The patch (KB5019758) comes in the form of a cumulative update which applies to Exchange Server 2013/2016/2019. The patch is available via the usual Windows Update procedure.

Executive Summary

If you have not yet mitigated this vulnerability, you should do so as soon as possible, either by installing this latest patch or by applying the mitigation supplied by the Exchange Mitigation Tool. If you have only just seen this, it is a good idea to check for indicators of compromise on your Exchange servers. This can be done by running the following PowerShell command on the Exchange front end, replacing <Path_IIS_Logs> with the path to your IIS logs:

Get-ChildItem -Recurse -Path <Path_IIS_Logs> -Filter "*.log" | Select-String -Pattern 'powershell.*autodiscover\.json.*\@.*200'

If the command returns matching log entries, you will need to take steps to analyse the attack further and attempt to contain it.
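The one-line search above matches "200" anywhere after the "@", so a 401 response that happened to take 200 ms also shows up as a hit. The following added example (not from the original post or from Microsoft) applies the same pattern to the request columns only and checks the sc-status column itself; the function name Find-AutodiscoverHit and the sample log lines are constructed for illustration, and it assumes W3C-format IIS logs with a #Fields header.

```powershell
# Added example, not from the original post. Applies the post's pattern to the
# request columns only and compares the status against sc-status itself.
function Find-AutodiscoverHit {
    param([Parameter(ValueFromPipeline)][AllowEmptyString()][string[]]$Line)
    begin { $fields = @() }
    process {
        foreach ($l in $Line) {
            if ($l -like '#Fields:*') {
                # Column order comes from the log header and can differ per server
                $fields = ($l -replace '^#Fields:\s*', '').Trim() -split '\s+'
                continue
            }
            if ($l.StartsWith('#') -or -not $l.Trim() -or $fields.Count -eq 0) { continue }
            $values = $l.Trim() -split ' '
            if ($values.Count -ne $fields.Count) { continue }  # truncated line
            $row = @{}
            for ($i = 0; $i -lt $fields.Count; $i++) { $row[$fields[$i]] = $values[$i] }
            $request = '{0}?{1}' -f $row['cs-uri-stem'], $row['cs-uri-query']
            if ($row['sc-status'] -eq '200' -and
                $request -match 'powershell.*autodiscover\.json.*@') {
                [pscustomobject]@{
                    Time     = '{0} {1}' -f $row['date'], $row['time']
                    ClientIP = $row['c-ip']
                    Status   = $row['sc-status']
                    Request  = $request
                }
            }
        }
    }
}

# Constructed sample log (documentation IP ranges, schematic query string)
$sample = @'
#Fields: date time cs-method cs-uri-stem cs-uri-query s-port c-ip sc-status time-taken
2022-10-01 10:00:01 GET /autodiscover/autodiscover.json x=powershell&y=autodiscover.json@example.test 443 198.51.100.7 200 120
2022-10-01 10:00:02 GET /autodiscover/autodiscover.json x=powershell&y=autodiscover.json@example.test 443 198.51.100.7 401 200
2022-10-01 10:00:03 GET /owa/ - 443 198.51.100.9 200 15
'@ -split '\r?\n'

$sample | Find-AutodiscoverHit | Format-Table -AutoSize
# Real logs: Get-ChildItem -Recurse -Path <Path_IIS_Logs> -Filter '*.log' |
#     Get-Content | Find-AutodiscoverHit
```

Only the first sample line is reported; the second is the 401 that the plain text search would also have flagged.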
