Microsoft has confirmed that two vulnerabilities are not only identified, but also actively exploited since the beginning of August 2022 on Microsoft Exchange. Specifically, the company founded by Bill Gates recognized that a ” limited number of attacks allowed attackers to penetrate user systems from Exchange.
Versions 2013, 2016 and 2019 are affected. Since then, the Redmond company has announced that it is actively working on patches, but these are still pending, while more than 220,000 Exchange servers are still under threat from hackers. The alert was issued by the Vietnamese cybersecurity company GTSC, which notably discovered that several websites of Exchange customers were infected with hacked code.
In fact, the first vulnerability identified, dubbed CVE-2022-41040, falsifies server-side requests. The second, named CVE-2022-41082, allows remote execution of shelled code introduced by the exploitation of the first vulnerability by an attacker who has access to PowerShell. According to Microsoft security researchers, the attacker must have a valid user ID at an Exchange server in order to successfully attack.