Microsoft has released patches that fix two zero-day (0-day) vulnerabilities affecting Microsoft Exchange Server mail servers, which would allow a remote attacker to carry out server-side request forgery (SSRF) and remote code execution (RCE) attacks. PoCs for these vulnerabilities are currently published on the Internet.
The affected products are:
- Exchange Server 2013.
- Exchange Server 2016.
- Exchange Server 2019.
Additional information:
- https://www.cert.gov.py/wp-content/uploads/2022/10/BOL-CERT-PY-2022-38-Vulnerabilidades-de-dia-cero-en-Microsoft-Exchange-Server.pdf
- https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/vulnerabilidades-0day-microsoft-exchange-server
- https://msrc-blog.microsoft.com/2022/09/29/customer-guidance-for-reported-zero-day-vulnerabilities-in-microsoft-exchange-server/
- https://www.securityweek.com/microsoft-confirms-exploitation-two-exchange-server-zero-days
- https://www.gteltsc.vn/blog/warning-new-attack-campaign-utilized-a-new-0day-rce-vulnerability-on-microsoft-exchange-server-12715.html
- https://doublepulsar.com/proxynotshell-the-story-of-the-claimed-zero-day-in-microsoft-exchange-5c63d963a9e9
- https://www.rapid7.com/blog/post/2022/09/29/suspected-post-authentication-zero-day-vulnerabilities-in-microsoft-exchange-server/
- https://success.trendmicro.com/dcx/s/solution/000291651?language=en_US
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41040
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41082
- https://techcommunity.microsoft.com/t5/exchange-team-blog/released-november-2022-exchange-server-security-updates/ba-p/3669045
- https://www.microsoft.com/en-us/download/details.aspx?familyID=124eeb2b-4066-459e-9416-ee98683f4997
- https://www.microsoft.com/en-us/download/details.aspx?familyID=ddb4f351-5cb6-4ce4-93c1-ec6946f7c26a
- https://www.microsoft.com/en-us/download/details.aspx?familyID=09804a62-d5b7-4e38-9902-010326747aef