UPDATED 19:33 EDT / MARCH 08 2022


Microsoft patches critical Exchange Server vulnerability in Patch Tuesday release

Microsoft Corp. today released a fix for a critical vulnerability in Exchange Server as part of its monthly Patch Tuesday release.

The Exchange Server vulnerability is tracked as CVE-2022-23277. Microsoft stated in an advisory that an attacker exploiting the critical vulnerability could attempt to trigger malicious code in the context of the server’s account through a network call.

“While requiring authentication, this vulnerability affecting on-prem Exchange servers could potentially be used during lateral movement into a part of the environment which presents the opportunity for business email compromise or data theft from email,” Kevin Breen, director of cyber threat research at cyber workforce optimization company Immersive Labs Ltd., told SiliconANGLE.

The affected versions of Exchange Server are 2013, 2016 and 2019. Users of Exchange Server are encouraged to patch their installations.

Exchange Server has had ongoing problems with vulnerabilities. In September, the Conti ransomware gang successfully targeted unpatched installs, while a design flaw the same month was found to leak credentials to unauthenticated users.

The Patch Tuesday release contained 71 software fixes in total, including 41 for Microsoft Windows. Other products patched in the release include Visual Studio, the Xbox app for Windows, Intune, Microsoft Defender, Express Logic, Azure Site Recovery and Microsoft Edge.

Several of the patches are gaining more attention than others. IT News reported that CVE-2022-24501 is a vulnerability in the VP9 Video Extensions that can be exploited if an attacker tricks their victim into opening a malicious video file. A bug in HEVC Video Extensions, CVE-2022-22006, is also remotely exploitable via a crafted file.

Breen also noted that CVE-2022-24508 in Windows SMB v3 is a vulnerability “to watch out for, especially as Microsoft has marked it ‘exploitation more likely’ and provided additional mitigations.”

“While successful exploitation requires valid credentials, Microsoft provides advice on limiting SMB traffic in lateral and external connections,” Breen added. “While this is a strong step in providing defense-in-depth, blocking such connections can also have an adverse effect on other tools using these connections, something to be considered in mitigation attempts.”
