Microsoft Exchange attack: Temporary solution to patch zero-day flaw can be bypassed

Microsoft recently confirmed that it is aware and now working on patching two zero-day vulnerabilities on Microsoft Exchange server that were used to carry out limited targeted attacks. The company also released the Exchange Emergency Mitigation Service (EEMS) mitigation in order to slow down hackers’ progress in stealing user data, however, security researchers have claimed that the temporary solution used to plug the attacks can be easily bypassed.

What is the vulnerability?

Two zero-day vulnerabilities – CVE-2022-41040, is a Server-Side Request Forgery (SSRF) vulnerability, and the second one, identified as CVE-2022-41082, allows Remote Code Execution (RCE) – were first reported by GTSC.

Microsoft Exchange attack: Temporary solution to patch zero-day flaw can be bypassed

More in IT

Ola CEO Bhavish Aggarwal to Microsoft’s LinkedIn: … Luckily my team takes screenshots

ChatGPT users are getting GPT-4’o’ free: What are new features, availability and more

Google I/O 2024: Gemini Nano AI model brings “Help Me Write” feature to Chrome

Must Read Articles

Poor Show

Zomato & Swiggy

Regulating Big Tech

Interview with Preetham Uthaiah, EVP – Marketing & Strategy Saankhya Labs

DoT launches portal for centralised RoW approvals

NCAER Working Paper

Real-Time-Bidding of your Data

DoT to get 33 pc stake of Vi for Rs 16,133 cr interest dues

National Data Governance Framework

BSNL 4G

Archives

You may also like

More in IT

Must Read Articles

Archives