Risk | High |
Patch available | YES |
Number of vulnerabilities | 4 |
CVE-ID | CVE-2022-41080 CVE-2022-41079 CVE-2022-41123 CVE-2022-41078 |
CWE-ID | CWE-264 CWE-451 |
Exploitation vector | Network |
Public exploit | Vulnerability #1 is being exploited in the wild. |
Vulnerable software | Microsoft Exchange Server (Server applications / Mail servers) |
Vendor | Microsoft |
Security Bulletin
This security bulletin contains information about 4 vulnerabilities.
EUVDB-ID: #VU69097
Risk: High
CVSSv3.1: 8.4 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C]
CVE-ID: CVE-2022-41080
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
Description
The vulnerability allows a remote user to escalate privileges.
The vulnerability exists because the application does not properly impose security restrictions. A remote authenticated user can escalate privileges within the Exchange server.
Note: this vulnerability is suspected to be used in a new exploit method that bypasses the URL rewrite mitigations for the Autodiscover endpoint provided by Microsoft in response to ProxyNotShell.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
Microsoft Exchange Server: 2013 CU23 Oct22SU 15.00.1497.042 - 2019 RTM Mar21SU 15.02.0221.018
External links
http://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41080
http://www.crowdstrike.com/blog/owassrf-exploit-analysis-and-recommendations/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
EUVDB-ID: #VU69096
Risk: Medium
CVSSv3.1: 6.4 [CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-41079
CWE-ID:
CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)
Exploit availability: No
Description
The vulnerability allows a remote user to perform a spoofing attack.
The vulnerability exists due to incorrect processing of user-supplied data within the SerializationTypeConverter class. A remote user can perform a spoofing attack.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
Microsoft Exchange Server: 2013 CU23 Oct22SU 15.00.1497.042 - 2019 RTM Mar21SU 15.02.0221.018
External links
http://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41079
http://www.zerodayinitiative.com/advisories/ZDI-22-1604/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU69095
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-41123
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to improperly imposed security restrictions. A local user can bypass implemented security restrictions and escalate privileges on the system.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
Microsoft Exchange Server: 2016 CU22 Oct22SU 15.01.2375.032 - 2019 RTM Mar21SU 15.02.0221.018
External links
http://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41123
http://www.zerodayinitiative.com/advisories/ZDI-22-1603/
http://www.zerodayinitiative.com/advisories/ZDI-22-1602/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU69093
Risk: Medium
CVSSv3.1: 6.4 [CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-41078
CWE-ID:
CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)
Exploit availability: No
Description
The vulnerability allows a remote user to perform a spoofing attack.
The vulnerability exists due to incorrect processing of user-supplied data within the ApprovedApplication class. A remote user can perform a spoofing attack.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
Microsoft Exchange Server: 2013 CU23 Oct22SU 15.00.1497.042 - 2019 RTM Mar21SU 15.02.0221.018
External links
http://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41078
http://www.zerodayinitiative.com/advisories/ZDI-22-1601/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.