Microsoft Exchange ProxyNotShell Vulnerabilities

Released: Sep 29, 2022


Severity: Critical

Vendor: Microsoft

Type: Vulnerability


Zero-Day on Exchange Server Autodiscover actively being exploited in the wild

These are critical zero-day vulnerabilities that can allow an attacker to achieve Remote Code Execution (RCE) on Microsoft Exchange Servers. FortiGuard has added multiple protections throughout the Security Fabric to safeguard its customers from attacks exploiting these zero-day vulnerabilities.

Common Vulnerabilities and Exposures

CVE-2022-41040
CVE-2022-41082
CVE-2022-41080

Background

A security researcher from the Vietnamese cybersecurity outfit GTSC spotted vulnerabilities in Microsoft Exchange Server while responding to an incident. The vulnerabilities were reported three weeks ago through the Zero Day Initiative, which tracks them as ZDI-CAN-18333 and ZDI-CAN-18802.

Latest Development

Recent news and incidents related to cybersecurity threats encompassing various events such as data breaches, cyber-attacks, security incidents, and vulnerabilities discovered.


September 29, 2022: Security News picked up the blog from GTSC and announced active exploitation of Microsoft Exchange Server.


September 29, 2022: Multiple reports of exploitation in the wild leveraging the Microsoft Exchange Autodiscover 0-day vulnerabilities.
September 29, 2022: Microsoft Security Response Center added customer guidance on their blog: https://msrc-blog.microsoft.com/2022/09/29/customer-guidance-for-reported-zero-day-vulnerabilities-in-microsoft-exchange-server

FortiGuard Cybersecurity Framework

Mitigate security threats and vulnerabilities by leveraging the range of FortiGuard Services.


PROTECT
  • Lure

  • Decoy VM

  • Vulnerability

  • IPS

  • Web App Security

  • Web & DNS Filter

  • Post-execution

  • Botnet C&C

DETECT
  • Threat Hunting

  • IOC

  • Outbreak Detection

  • Content Update

RESPOND
  • Automated Response

  • Assisted Response Services

RECOVER
  • InfoSec Services

IDENTIFY
  • Attack Surface Monitoring (Inside & Outside)

Threat Intelligence

Information gathered from analyzing ongoing cybersecurity events including threat actors, their tactics, techniques, and procedures (TTPs), indicators of compromise (IOCs), malware and related vulnerabilities.

