Microsoft has revealed it’s investigating two new zero-day vulnerabilities affecting the corporate’s Exchange Server which is actively being exploited by hackers.
Microsoft mentioned it’s conscious of restricted focused assaults utilizing these two vulnerabilities.
The firm mentioned an attacker would want authenticated entry to the weak Exchange Server, equivalent to stolen credentials, to efficiently exploit both of the 2 vulnerabilities.
“In these assaults, CVE-2022-41040 can allow an authenticated attacker to remotely set off CVE-2022-41082. It needs to be famous that authenticated entry to the weak Exchange Server is important to efficiently exploit both vulnerability,” Microsoft mentioned in a safety replace.
The firm was engaged on an accelerated timeline to launch a repair.
“Until then, we’re offering mitigations and the detection steering under to assist prospects shield themselves from these assaults,” it added.
Last yr, Microsoft launched an emergency safety replace for its Exchange e-mail and communications software program as at the least 30,000 organisations throughout the US have been hit by hackers who stole e-mail communications from their techniques.
US President Joe Biden’s administration had blamed China for the Microsoft Exchange e-mail server software program hacking. The cyber assaults hit defence contractors, greater schooling establishments and nongovernmental organisations all over the world.
Microsoft mentioned that it was monitoring new zero-day “detections for malicious exercise and we’ll reply accordingly if essential to guard prospects”. “Exchange Online prospects don’t must take any motion,” it added.