12/16/2023 0 Comments Outlook exchangeSOCRadar, equipped with its Attack Surface Management (ASM) module and Vulnerability Intelligence feature, empowers organizations to proactively address emerging threats and safeguards them from becoming a threat actor’s target. The company stated they will make patches available in versions and updates as they deem appropriate. According to Microsoft, the severity of these vulnerabilities does not necessitate immediate patching, primarily due to their authentication requirement for further exploitation. Microsoft Exchange currently lacks official patches to address these security vulnerabilities. Threat actors can take advantage of this security vulnerability to access and retrieve sensitive information from affected Microsoft Exchange servers. It is associated with the CreateAttachmentFromUri method, which lacks the necessary URI validation before accessing resources. ZDI-23-1581 (Severity: 7.1, High): It is the third Server-Side Request Forgery (SSRF) vulnerability found in Microsoft Exchange, among other zero-day vulnerabilities that were mentioned. As a result, malicious actors can exploit it to gain unauthorized access to resources and sensitive information on impacted Microsoft Exchange servers. ZDI-23-1580 (Severity: 7.1, High): Identified as another Server-Side Request Forgery (SSRF) vulnerability, it pertains to the DownloadDataFromOfficeMarketPlace method, which fails to enforce proper URI validation. It resides in the DownloadDataFromUri method, which lacks proper URI validation before allowing access to resources, making it exploitable by threat actors to access sensitive information on affected Microsoft Exchange servers. ZDI-23-1579 (Severity: 7.1, High): This vulnerability is described as a Server-Side Request Forgery (SSRF) issue. It occurs due to the ChainedSerializationBinder class failing to adequately validate user-supplied input, granting threat actors the opportunity to execute code on affected versions of Microsoft Exchange, operating within the SYSTEM context. ZDI-23-1578 (Severity: 7.5, High): It is described as an Untrusted Data Deserialization vulnerability, which leads to Remote Code Execution. Let’s explore the specifics of each vulnerability: Nevertheless, it is important to acknowledge that threat actors can acquire credentials through various means, such as phishing, to meet this prerequisite. The ZDI advisory notes that these Microsoft Exchange vulnerabilities require authentication for successful exploitation, presenting a challenge for potential attackers. New Microsoft Exchange Zero-Day Vulnerabilities Could Lead to RCE, SSRF What Are the Vulnerabilities Affecting Microsoft Exchange?Īll four of the zero-day vulnerabilities were uncovered by Piotr Bazydlo of the Trend Micro Zero Day Initiative (ZDI), which has opted for public disclosure in line with its responsible disclosure policy. The vulnerabilities are high-severity, and pertain to Server-Side Request Forgery (SSRF) and Remote Code Execution (RCE) issues. The discovery of four new zero-day vulnerabilities in Microsoft Exchange is raising concerns in the cybersecurity community.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |