Microsoft fixes critical Exchange Server vulnerability in Patch Tuesday release


Microsoft Corp. today released a patch for a critical vulnerability in Exchange Server as part of its monthly Patch Tuesday release.

The Exchange Server vulnerability is tracked as CVE-2022-23277. Microsoft said in an advisory that an attacker exploiting the critical vulnerability could attempt to trigger malicious code in the context of the server's account through a network call.

“While requiring authentication, this vulnerability affecting on-premises Exchange servers could potentially be used when moving laterally into a part of the environment that presents the possibility of business email compromise or theft of email data,” Kevin Breen, director of cyber threat research at cyber workforce optimization company Immersive Labs Ltd., told SiliconANGLE.

The affected versions of Exchange Server are 2013, 2016, and 2019. Exchange Server users are encouraged to patch their installations.

Vulnerabilities and other issues with Exchange Server are ongoing. In September, the Conti ransomware gang successfully targeted unpatched installations, while a design flaw discovered the same month was found to leak credentials to unauthenticated users.

The Patch Tuesday release contained a total of 71 software fixes, including 41 for Microsoft Windows. Other products with fixes in the release include Visual Studio, Xbox app for Windows, Intune, Microsoft Defender, Express Logic, Azure Site Recovery, and Microsoft Edge.

Several of the fixes are drawing more attention than others. As IT news reported, CVE-2022-24501 is a vulnerability in VP9 Video Extensions that can be exploited if an attacker tricks a victim into opening a malicious video file. A bug in HEVC Video Extensions, CVE-2022-22006, is also remotely exploitable via a crafted file.

Breen also noted that CVE-2022-24508 in Windows SMB v3 is a vulnerability “to watch, especially since Microsoft has marked it ‘more likely exploitation’ and provided additional mitigations”.

“Although successful exploitation requires valid credentials, Microsoft provides guidance on throttling SMB traffic in lateral and external connections,” Breen added. “While this is an important step in providing defense in depth, blocking these connections may also have a negative effect on other tools using these connections, which needs to be considered in mitigation attempts.”
