Hackers can easily bypass mitigation for Microsoft Exchange security vulnerabilities


Late last week, Microsoft confirmed the existence of two actively exploited zero-day vulnerabilities in Exchange Server. Tracked as CVE-2022-41082 and CVE-2022-41040, both flaws are cause for concern because they are known to be under active exploitation.

While it works on a fix, Microsoft offered up instructions to mitigate the vulnerabilities. But it turns out that the mitigation is incredibly easy to bypass, with security experts warning that the URL pattern it relies on is too specific, rendering it ineffective.


As reported by Bleeping Computer, at least two security researchers have criticized Microsoft's approach to blocking potential attacks. One describes the rules suggested by the company as being "unnecessarily precise", while another points out that "the URL pattern to detect/prevent the Exchange 0day provided in MSRC's blog post can easily be bypassed".

Security researcher @testanull jumped on the ease of bypassing Microsoft's mitigation very quickly, tweeting:

Another security researcher, Will Dormann, shared his analysis of the mitigations too:

The video he linked to demonstrates how easy it is to bypass the rule:

For stronger protection, note the suggestion to use the broader URL block pattern .*autodiscover\.json.*Powershell.* in place of the one Microsoft proposed.

© 1998-2024 BetaNews, Inc. All Rights Reserved.