Home Security Mitigation for Change Zero-Days Bypassed! Microsoft Points New Workarounds

Mitigation for Change Zero-Days Bypassed! Microsoft Points New Workarounds

by crpt os


Microsoft has revised its mitigation measures for the newly disclosed and actively exploited zero-day flaws in Exchange Server after it was found that they could be trivially bypassed.

The two vulnerabilities, tracked as CVE-2022-41040 and CVE-2022-41082, have been codenamed ProxyNotShell due to similarities to another set of flaws called ProxyShell, which the tech giant resolved last year.

In-the-wild attacks abusing the shortcomings have chained the two flaws to gain remote code execution on compromised servers with elevated privileges, leading to the deployment of web shells.

The Windows maker, which is yet to release a fix for the bugs, has acknowledged that a single state-sponsored threat actor may have been weaponizing the flaws since August 2022 in limited targeted attacks.

CyberSecurity

To reduce the risk of exploitation, the company also shared temporary workarounds that are designed to restrict known attack patterns through a rule in the IIS Manager.

However, according to security researcher Jang (@testanull), the URL pattern can be easily circumvented, with senior vulnerability analyst Will Dormann noting that the block mitigations are “unnecessarily precise, and therefore insufficient.”

Mitigation for Exchange Zero-Days

Microsoft has since revised the URL Rewrite rule (also available as a standalone PowerShell script) to take this into account –

  • Open IIS Manager
  • Select Default Web Site
  • In the Feature View, click URL Rewrite
  • In the Actions pane on the right-hand side, click Add Rule(s)…
  • Select Request Blocking and click OK
  • Add the string “.*autodiscover\.json.*Powershell.*” (excluding quotes)
  • Select Regular Expression under Using
  • Select Abort Request under How to block and then click OK
  • Expand the rule and select the rule with the pattern: .*autodiscover\.json.*Powershell.* and click Edit under Conditions
  • Change the Condition input from {URL} to {REQUEST_URI}

It’s not immediately clear when Microsoft plans to push a patch for the two vulnerabilities, but it’s possible that they could be shipped as part of Patch Tuesday updates next week on October 11, 2022.





Source link

Related Articles

xxxanti beeztube.mobi hot sexy mp4 menyoujan hentaitgp.net jason voorhees hentai indian soft core chupatube.net youjzz ez2 may 8 2023 pinoycinema.org ahensya ng pamahalaan pakistani chut ki chudai pimpmovs.com www xvedio dost ke papa zztube.mobi 300mbfilms.in صور مص الزب arabporna.net نهر العطش لمن تشعر بالحرمان movierulz plz.in bustyporntube.info how to make rangoli video 穂高ゆうき simozo.net 四十路五十路 ロシアav javvideos.net 君島みお 無修正 افلام سكس في المطبخ annarivas.net فيلم سكس قديم rashmi hot videos porncorn.info audiosexstories b grade latest nesaporn.pro high school girls sex videos real life cam eroebony.info painfull porn exbii adult pics teacherporntrends.com nepali school sex