Contents:
On January 10th, the Cybersecurity and Infrastructure Security Agency (CISA) added two more new vulnerabilities to its catalog of actively exploited bugs.
CISA ordered agencies to patch the bugs as soon as possible to avoid exploitation by threat actors.
The Vulnerabilities in Cause and What They Do
The first one tracked as CVE-2022-41080, is a Microsoft Exchange elevation of privileges bug, that can be chained with the CVE-2022-41082 ProxyNotShell bug to gain remote code execution.
The bug has already been exploited by Play ransomware in its attack on Texas-based cloud computing provider Rackspace. The threat actor exploited the vulnerability as a zero-day to bypass Microsoft’s ProxyNotShell URL rewrite mitigations and escalate permissions on compromised Exchange servers.
The exploit used, also known as OWASSRF, was also shared online alongside other malicious tools belonging to Play ransomware.
The urgency of patching the vulnerability as quickly as possible is increased by the likelihood that this will make it simpler for other cybercriminals to develop their own unique exploits or modify the Play ransomware’s tool for their own uses.
The most recent Exchange security updates should be installed right away (November 2022 being the minimum patch level), or Outlook Web Access (OWA) should be disabled until CVE-2022-41080 remedies can be installed.
The second vulnerability added by CISA to its Known Exploited Vulnerabilities (KEV) catalog is a privileged escalation zero-day tracked as CVE-2023-21674, tagged by Microsoft as being actively exploited in attacks and patched in this month’s Patch Tuesday release.
FCEB Agencies Have to Patch Until the End of the Month
According to BleepingComputer, CISA gave all Federal Civilian Executive Branch Agencies (FCEB) agencies a deadline until January 31st to address the two security flaws and block potential attacks targeting their systems.
In November 2021, CISA issued a binding operational directive (BOD 22-01) which requires all FCEB agencies to secure their networks against bugs added to the KEV catalog. Even if this directive only applies to U.S. agencies, CISA advises all organizations to fix these vulnerabilities if they want to keep exploitation attempts at bay.
These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise,
CISA Statement (Source)
If you liked this article, follow us on LinkedIn, Twitter, Facebook, Youtube, and Instagram for more cybersecurity news and topics.
Cristian is a Content Editor & Creator at Heimdal®, where he developed a deep understanding of the digital threat landscape. His style resonates with both technical and non-technical readers, proof being in his skill of communicating cybersecurity norms effectively, in an easy-to-understand manner.
