Hackers exploiting 2 new zero-day bugs in Exchange Server: Microsoft

New Delhi, Oct 1 (IANS): Microsoft has revealed it is investigating two new zero-day vulnerabilities affectingAthe company's Exchange Server which is actively being exploited by hackers.

Microsoft said it is aware of limited targeted attacks using these two vulnerabilities.

The company said an attacker would need authenticated access to the vulnerable Exchange Server, such as stolen credentials, to successfully exploit either of the two vulnerabilities.

"In these attacks, CVE-2022-41040 can enable an authenticated attacker to remotely trigger CVE-2022-41082. It should be noted that authenticated access to the vulnerable Exchange Server is necessary to successfully exploit either vulnerability," Microsoft said in a security update.

The company was working on an accelerated timeline to release a fix.

"Until then, we're providing mitigations and the detection guidance below to help customers protect themselves from these attacks," it added.

Last year, Microsoft released an emergency security update for its Exchange email and communications software as at least 30,000 organisations across the US were hit by hackers who stole email communications from their systems.

US President Joe Biden's administration had blamed China for the Microsoft Exchange email server software hacking.

The cyber attacks hit defence contractors, higher education institutions and nongovernmental organisations around the world.

Microsoft said that it was monitoring new zero-day "detections for malicious activity and we'll respond accordingly if necessary to protect customers".

"Exchange Online customers do not need to take any action," it added.



Top Stories

Leave a Comment

Title: Hackers exploiting 2 new zero-day bugs in Exchange Server: Microsoft

You have 2000 characters left.


Please write your correct name and email address. Kindly do not post any personal, abusive, defamatory, infringing, obscene, indecent, discriminatory or unlawful or similar comments. Daijiworld.com will not be responsible for any defamatory message posted under this article.

Please note that sending false messages to insult, defame, intimidate, mislead or deceive people or to intentionally cause public disorder is punishable under law. It is obligatory on Daijiworld to provide the IP address and other details of senders of such comments, to the authority concerned upon request.

Hence, sending offensive comments using daijiworld will be purely at your own risk, and in no way will Daijiworld.com be held responsible.