CISA mandates agencies to patch two privilege escalation flaws

Share post:

The Cybersecurity and Infrastructure Security Agency (CISA) gave all Federal Civilian Executive Branch Agencies (FCEB) three weeks until January 31st to address two security flaws and block potential attacks.

The two flaws include a Microsoft Exchange elevation of privileges flaw tracked as CVE-2022-41080 and a privilege escalation zero-day tracked as CVE-2023-21674.

CVE-2022-41080 can be paired with a ProxyNotShell bug tracked as CVE-2022-41082 to gain remote code execution. Already, Play ransomware attackers are exploiting the flaw as a zero-day to bypass Microsoft’s ProxyNotShell URL rewrite mitigations and escalate permissions on compromised Exchange servers.

Since the exploit used in the attack has already been publicly provided, more attackers are attempting to exploit the flaw. Organizations with on-premises Microsoft Exchange servers are therefore advised to deploy the latest Exchange security updates immediately or disable Outlook Web Access (OWA) until they can apply CVE-2022-41080 patches.

The second flaw (CVE-2023-21674), a privilege escalation zero-day in the Windows Advanced Local Procedure Call (ALPC) is also being exploited by attackers.

The sources for this piece include an article in BleepingComputer.

SUBSCRIBE NOW

Related articles

Hamilton Estimates $52 Million to Rebuild IT Systems After Ransomware Attack

The city of Hamilton plans to spend $52 million over the next three years to rebuild and secure...

Avery Data Breach: Credit Card Skimmer Affects Over 61,000 Customers

Label maker Avery has disclosed a data breach affecting 61,193 customers, caused by a credit card skimmer that...

Scammed Company Ordered to Pay $190k for Fraudulent Invoice Payment

A hacker gained access to Mobius Group’s email system and sent instructions from a legitimate email address, directing...

Sneaky 2FA: A Sophisticated Attack Defeats Both 2FA and Phishing Protections

A new phishing kit, ominously named "Sneaky 2FA," has emerged, targeting Microsoft 365 users by bypassing two-factor authentication...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways