Friday 7th October 2022

Week 40 | 3rd – 7th October 2022

Key Issue: Zeroday Microsoft Exchange vulnerability mitigation can be bypassed
Cybercriminals: Ransomware groups demonstrate a diverse approach to operations
NationState: Nationstate units target the defence sector
Hacktivist: Environmental hacktivist group Guacamaya compromises military networks


Our key issue highlights
two Microsoft Exchange zeroday vulnerabilities that were discovered last week, as researchers this week have warned that mitigations provided by Microsoft can be bypassed by threat actors.

The vulnerabilities are tracked as CVE202241040 (CVSS: 8.8| OVSS: 59), a serverside request forgery vulnerability, and CVE202241082 (CVSS: 8.8| OVSS: 56), which enables remote code execution access to PowerShell dependent on adversary access. To reduce the risk of exploitation, Microsoft encouraged users to implement a rule in the Internet Information Services Manager, however, a security researcher tweeted that the URL pattern only focused on known exploits and can easily be bypassed, thus rendering the mitigation advice redundant.

The researcher has advocated a less specific, alternative string that covers a wider range of exploits. This disclosure comes amid reports that threat actors were chaining the vulnerabilities together to achieve remote code execution. As such, we assess that these vulnerabilities will continue to be widely exploited in the absence of patches from Microsoft.

Get our latest cyber intelligence insights straight into your inbox

Fill out the short form below to subscribe to our newsletter so that you never miss out on our cyber intelligence insights and news.