UPDATED 19:33 EDT / MARCH 08 2022


Microsoft patches critical Exchange Server vulnerability in Patch Tuesday release

Microsoft Corp. today released a fix for a critical vulnerability in Exchange Server as part of its monthly Patch Tuesday release.

The Exchange Server vulnerability is tracked as CVE-2022-23277. Microsoft stated in an advisory that by exploiting the critical vulnerability, an attacker could attempt to trigger malicious code in the context of the server’s account through a network call.

“While requiring authentication, this vulnerability affecting on-prem Exchange servers could potentially be used during lateral movement into a part of the environment which presents the opportunity for business email compromise or data theft from email,” Kevin Breen, director of cyber threat research at cyber workforce optimization company Immersive Labs Ltd., told SiliconANGLE.

The affected versions of Exchange Server are 2013, 2016 and 2019. Users of Exchange Server are encouraged to patch their installations.

Vulnerabilities and other issues with Exchange Server have been ongoing. In September, the Conti ransomware gang successfully targeted unpatched installs, while a design flaw the same month was found to leak credentials to unauthenticated users.

The Patch Tuesday release contained 71 fixes in total, including 41 for Microsoft Windows. Other products patched in the release include Visual Studio, the Xbox app for Windows, Intune, Microsoft Defender, Express Logic, Azure Site Recovery and Microsoft Edge.

Several of the patches are gaining more attention than others. IT News reported that CVE-2022-24501 is a vulnerability in the VP9 Video Extensions that can be exploited if an attacker tricks their victim into opening a malicious video file. A bug in HEVC Video Extensions, CVE-2022-22006, is also remotely exploitable via a crafted file.

Breen also noted that CVE-2022-24508 in Windows SMB v3 is a vulnerability “to watch out for, especially as Microsoft has marked it ‘exploitation more likely’ and provided additional mitigations.”

“While successful exploitation requires valid credentials, Microsoft provides advice on limiting SMB traffic in lateral and external connections,” Breen added. “While this is a strong step in providing defense-in-depth, blocking such connections can also have an adverse effect on other tools using these connections, something to be considered in mitigation attempts.”
