Tuesday , September 10 2024

ZDI published the vulnarabilities
New Microsoft Exchange zero-days allow RCE, data theft attacks

Trend Micro’s Zero Day Initiative (ZDI) Thursday (02.11.23) published four zero days vulnerabilities of Microsoft Exchange which can exploit remotely to execute arbitrary code or disclose sensitive information on affected installations.

Bleeping Computer reported, these vulnerabilities were reported to Microsoft on September 7th and 8th, 2023. Microsoft acknowledges the reports but postpones the fixes for later.

ZDI disagreed with this response and decided to publish the flaws under its own tracking IDs to warn Exchange admins about the security risks.

Hacker to exploite GeoServer Vulnerability to Deploy Malware

Researchers at Fortinet unveiled hackers to exploit GeoServer RCE vulnerability deploying malware relating to the vulnerability tracked as “CVE-2024-36401, has...
Read More
Hacker to exploite GeoServer Vulnerability to Deploy Malware

IMB unveils multiple vulnerabilities in it’s webMethods Integration

Multiple vulnerabilities have been published by IBM in its webMethods Integration Server which cloud allow attackers to execute arbitrary commands...
Read More
IMB unveils multiple vulnerabilities in it’s webMethods Integration

Progress LoadMaster exposed to a critical 10/10 vulnerability

Progress Software released an emergency fix for a critical vulnerability (10/10) in its Loadmaster and LoadMaster Multi-Tenant Hypervisor products, which...
Read More
Progress LoadMaster exposed to a critical 10/10 vulnerability

Cisco released security updates for two critical security flaws

CISCO released security updates for two critical security flaws impacting its smart Licensing Utility that could allow unauthenticated, remote attackers...
Read More
Cisco released security updates for two critical security flaws

OpenBAS: Cutting-edge breach and attack simulation platform

OpenBAS is a platform that helps organizations to plan, schedule, and conduct crisis exercises, adversary simulations, and breach simulations. OpenBAS...
Read More
OpenBAS: Cutting-edge breach and attack simulation platform

Critical Security Flaws Patched in Zyxel Networking Devices

Zyxel has released software updates to fix a serious security issue in certain access point (AP) and security router versions....
Read More
Critical Security Flaws Patched in Zyxel Networking Devices

CVE-2024-38811: CEV In VMware Fusion Unveiled

VMware released a security advisory for a major vulnerability in the VMware Fusion product. This vulnerability could be exploited by...
Read More
CVE-2024-38811: CEV In VMware Fusion Unveiled

CERT-IN Warns Vulnerabilities in Palo Alto Networks applications

Indian Computer Emergency Response Team (CERT-IN) issued advisories about multiple vulnerabilities in various Palo Alto Networks applications. Attackers could exploit...
Read More
CERT-IN Warns Vulnerabilities in Palo Alto Networks applications

How Malaysia’s Data Centre Industry Poised for Growth

Malaysia is quickly becoming a leading choice for investing in data centers. It aims to generate RM3.6 billion (US$781 million)...
Read More
How Malaysia’s Data Centre Industry Poised for Growth

RansomHub exfiltrated data over 210 victims: US alert

US authorities have issued a cybersecurity advisory about a ransomware group called RansomHub. The group is thought to have stolen data...
Read More
RansomHub exfiltrated data over 210 victims: US alert

Summarize of the vulnerabilities published by ZDI:

ZDI-23-1578 – A remote code execution (RCE) flaw in the ‘Chained Serialization Binder’ class, where user data isn’t adequately validated, allowing attackers to reserialize untrusted data. Successful exploitation enables an attacker to execute arbitrary code as ‘SYSTEM,’ the highest level of privileges on Windows.

ZDI-23-1579 – Located in the ‘Download Data From Uri’ method, this flaw is due to insufficient validation of a URI before resource access. Attackers can exploit it to access sensitive information from Exchange servers.

ZDI-23-1580 – This vulnerability, in the ‘Download Data From Office Market Place’ method, also stems from improper URI validation, potentially leading to unauthorized information disclosure.

ZDI-23-1581 – Present in the Create Attachment From Uri method, this flaw resembles the previous bugs with inadequate URI validation, again, risking sensitive data exposure.

Authentication is needed to exploit these vulnerabilities, which makes them less severe with a CVSS rating between 7.1 and 7.5. Requiring authentication is a factor that helps reduce their impact. This could be why Microsoft did not prioritize fixing the bugs.

ALSO READ:

Daily Cybersecurity update, November 03

It should be noted, though, that cybercriminals have many ways to obtain Exchange credentials, including brute-forcing weak passwords, performing phishing attacks, purchasing them, or acquiring them from info-stealer logs.

That said, the above zero-days shouldn’t be treated as unimportant, especially ZDI-23-1578 (RCE), which can result in complete system compromise.

ZDI suggests that the only salient mitigation strategy is to restrict interaction with Exchange apps. However, this can be unacceptably disruptive for many businesses and organizations using the product.

We also suggest implementing multifactor authentication to prevent cybercriminals from accessing Exchange instances even when account credentials have been compromised.

Bleeping Computer has contacted Microsoft to ask about ZDI’s disclosure and are still waiting for a response.

 

Source: ZDI, Bleeping computer

 

Check Also

KEY

OpenBAS: Cutting-edge breach and attack simulation platform

OpenBAS is a platform that helps organizations to plan, schedule, and conduct crisis exercises, adversary …

Leave a Reply

Your email address will not be published. Required fields are marked *