Attackers can bypass Microsoft Exchange mitigation for on-premise servers 

Share post:

Researchers have warned that mitigations published by Microsoft to fix two new Microsoft Exchange zero-day vulnerabilities can be circumvented by hackers.

In a tweet, security expert Jang explained that Microsoft’s temporary solution to prevent the exploitation of CVE-2022-41040 and CVE-2022-41082 is insufficient and can be bypassed with little effort.

Jang’s claims were verified. Instead of the URL block required by Microsoft, Jang offered a less specific alternative that would cover a wider range of attacks: “.autodiscover\.json.*PowerShell.*”

Microsoft’s mitigation instructions apply to on-premise Exchange Server customers and that Exchange Outline clients do not need to take action.

However, many organizations have a hybrid setup that combines on-prem with Microsoft Exchange’s cloud deployment.

Some organizations believe that a hybrid Microsoft Exchange setup would protect them from attack. However, security expert Kevin Beaumont explained that once there is an on-premise Exchange Server deployment, the organization remains at risk.

The sources for this piece include an article in BleepingComputer.

SUBSCRIBE NOW

Related articles

FBI’s Operation Level Up Ends Cyber Scams and Saves Millions of Dollars and Lives

We should send a love note out to The Federal Bureau of Investigation (FBI) who launched Operation Level...

DOGE’s Teen Hacker Stirs Concern Over Musk Team’s Access to Federal Databases

A 19-year-old named Edward “Big Balls” Coristine has raised red flags after Wired revealed he holds a key...

Deep Seek and Open Source AI – Without the Hype: Discussion with Robert Falzon, Head of Engineering, Check Point

DeepSeek AI is shaking up the cybersecurity world—are we prepared for the risks? Join host Jim Love and...

Researchers Jailbreak DeepSeek AI, Expose System Prompt and Raise Security Concerns

Security researchers at Wallarm have successfully jailbroken DeepSeek, a recently released open-source AI model from China. The jailbreak...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways