Two vulnerabilities for hosted Microsoft Exchange servers (CVE-2022-41040, CVE-2022-41082) have been identified as currently being exploited in organization environments. The vulnerabilities exist only in hosted (on-premises) Exchange servers; Microsoft reports that Exchange Online has protections in place. Many clients have migrated their user base to Exchange Online or Microsoft Office 365, but there may still be Exchange servers operating in the environment, used for mail relays and other IT functions.
Overview of the Problem: Security researchers have identified two vulnerabilities in Microsoft Exchange Server 2013, 2016, and 2019. The two vulnerabilities can be chained to allow an attacker to escalate privilege within an environment.
There is currently no patch for these vulnerabilities; however, Microsoft is aware of them and is working on a solution. Microsoft has stated it is working at an accelerated pace to patch this issue but has not released an anticipated patch date.
The vulnerabilities are listed below:
- CVE-2022-41040
- CVE-2022-41082
Exploitability: Exploits for these vulnerabilities are available, and they have been observed being used against real environments.
Risk: The overall risk for these vulnerabilities is Medium for our clients, because most clients have moved away from on-premises Exchange for their end users; some, however, may still have an Exchange server set up for miscellaneous purposes (mail relay, Azure AD sync, O365 sync, etc.).
Compensating Factors/Controls: There are several ways to determine whether your organization is exposed to these vulnerabilities:
- Review your CMDB to see if you have Microsoft Exchange servers.
- Engage the IT team to determine if they are aware of legacy Exchange servers (even if they are no longer in use).
- Verify whether ports 5985 and/or 5986 are open, either externally or internally.
Microsoft has also published several ways to mitigate the risk these vulnerabilities present; they are summarized in the Recommendations section below.
1. Review your environment for any Microsoft Exchange servers. Fortalice has seen legacy Exchange servers linger in environments because of a lack of formalized decommissioning processes.
2. If you have any Exchange servers on premises, follow the Microsoft guidelines for mitigations.
3. If you need additional assistance, we at Fortalice are willing to assist you in assessing your current risk and roadmapping your future cybersecurity posture.
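The two discovery steps above (find every Exchange server in the environment, including forgotten ones, and verify whether TCP 5985/5986 answer) can be scripted from a domain-joined administrative workstation. The following PowerShell is an added example written for this advisory; it is not Fortalice's or Microsoft's code. It assumes the ActiveDirectory RSAT module is installed, that the account running it can read the AD Configuration partition (where Exchange registers its server objects), and that the hostnames you probe are your own. The function names, the `$servers` variable and the port list are choices made for the example.

```powershell
# Added example (not from the original advisory): inventory Exchange servers
# registered in Active Directory, then check whether the ports named in the
# advisory (TCP 5985 = WinRM/remote PowerShell over HTTP, 5986 = over HTTPS)
# answer on each of them. Assumes a domain-joined host with RSAT AD tools.
#Requires -Modules ActiveDirectory

function Get-ExchangeServerInventory {
    # Exchange registers every server in the Configuration partition as an
    # object of class msExchExchangeServer. The entry survives after a server is
    # powered off or forgotten, which is exactly the "lingering legacy server"
    # case the advisory describes, so this catches servers a CMDB may have lost.
    $configNC = (Get-ADRootDSE).configurationNamingContext
    Get-ADObject -LDAPFilter '(objectClass=msExchExchangeServer)' `
                 -SearchBase $configNC `
                 -Properties serialNumber |
        ForEach-Object {
            [pscustomobject]@{
                Name    = $_.Name
                # serialNumber holds the version string, e.g. "Version 15.1 (Build ...)"
                Version = ($_.serialNumber | Select-Object -First 1)
                DN      = $_.DistinguishedName
            }
        }
}

function Test-ExchangeRemotePSExposure {
    param(
        [Parameter(Mandatory)][string[]]$ComputerName,
        [int[]]$Port = @(5985, 5986)   # ports called out in the advisory
    )
    foreach ($computer in $ComputerName) {
        foreach ($p in $Port) {
            # Test-NetConnection performs a plain TCP connect; a success means the
            # server accepts connections on the remote PowerShell port from wherever
            # this script runs. Run it inside the network for the "internally" check
            # and from an external vantage point for the "externally" check.
            $r = Test-NetConnection -ComputerName $computer -Port $p -WarningAction SilentlyContinue
            [pscustomobject]@{
                Computer  = $computer
                Port      = $p
                Resolved  = [bool]$r.RemoteAddress
                Reachable = $r.TcpTestSucceeded
            }
        }
    }
}

# Usage: inventory first, then probe only the servers the inventory returned.
$servers = Get-ExchangeServerInventory
$servers | Format-Table Name, Version -AutoSize

if ($servers) {
    $exposure = Test-ExchangeRemotePSExposure -ComputerName $servers.Name
    $exposure | Format-Table -AutoSize
    # Any server answering on 5985/5986 is a candidate for Microsoft's published
    # mitigations or, if nobody owns it any more, for formal decommissioning.
    $exposure | Where-Object Reachable | ForEach-Object {
        Write-Warning "$($_.Computer) accepts connections on TCP $($_.Port); review it against the recommendations above."
    }
}
```

A server that appears in the inventory but does not resolve in DNS is still worth chasing: it is the classic sign of a decommissioned machine whose Exchange object was never cleaned up, and the Configuration partition entry should be removed by the Exchange or AD team rather than ignored. The port check only answers the "internally" question when run from inside the network; repeat it from outside the perimeter (or confirm with your external scanning provider) to answer the "externally" question.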
Silicon Valley Bank (SVB) was shuttered early this month and had its deposits seized in the largest U.S. bank failure since the 2008 financial crisis. Although it may seem like SVB’s collapse will only impact its direct customers and depositors, it is far more complicated. Like vultures to roadkill, cyber scammers often wait to exploit and target victims after tragedy strikes, or bad news arises. A perfect storm of stress, uncertainty, and urgency for customers and vendors alike during this time can impair someone’s judgement when they click links and open emails they otherwise would ignore or delete. Fortalice has outlined a few different ways cybercriminals social engineer their victims during times of extreme distress and insecurity.
With this Fortalice Solutions Client Advisory, we hope to provide important takeaways for organizations regarding the use of conversational AI tools such as ChatGPT and other, lesser-known AI platforms. While there are some very tangible benefits to ChatGPT, Fortalice believes strongly that there is a need for risk assessments, updated policies, and processes to protect intellectual property and company-sensitive information.