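On December 2, cloud service provider Rackspace was reported to be having problems with its hosted Exchange server environment: users encountered errors when accessing the OWA webmail interface or syncing mail to their email clients, or were repeatedly prompted to re-enter their passwords. A day later, the company confirmed that it had suffered a cyberattack, which led it to decide to temporarily switch its hosted Exchange environment and to provide customers with temporary Microsoft 365 licenses. Researchers suspect that Rackspace was most likely targeted because the Exchange systems it ran were older and exposed to the critical ProxyNotShell vulnerability, and that attackers launched related attacks against them. The vulnerability was discovered in September of this year, and Microsoft released a fix in November of this year; checking your Exchange version against this vulnerability is recommended.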
-CVE-2022-41082
Microsoft Exchange Server 2016 Cumulative Update 23
Microsoft Exchange Server 2019 Cumulative Update 12
Microsoft Exchange Server 2019 Cumulative Update 11
Microsoft Exchange Server 2016 Cumulative Update 22
Microsoft Exchange Server 2013 Cumulative Update 23
-CVE-2022-41040
Microsoft Exchange Server 2016 Cumulative Update 23
Microsoft Exchange Server 2019 Cumulative Update 12
Microsoft Exchange Server 2019 Cumulative Update 11
Microsoft Exchange Server 2016 Cumulative Update 22
Microsoft Exchange Server 2013 Cumulative Update 23
-Fortigate
CVE-2022-41040 Microsoft Exchange ProxyNotShell Vulnerabilities
CVE-2022-41082 Microsoft Exchange ProxyNotShell Vulnerabilities
-Palo Alto
CVE-2022-41040 Microsoft Exchange Server SSRF Vulnerability
-Trend Micro Deep Discovery Inspector (DDI) Rules
4593: EXCHANGE SSRF EXPLOIT - HTTP(REQUEST)
4624: EXCHANGE EXPLOIT - HTTP(RESPONSE)
-Trend Micro Cloud One - Network Security & TippingPoint ThreatDV Malware Protection Filters
39522: HTTP: Microsoft Exchange Server Autodiscover SSRF Vulnerability (PWN2OWN ZDI-21-821)
41776: ZDI-CAN-18333: Zero Day Initiative Vulnerability (Microsoft Exchange)
-Trend Micro Cloud One - Workload Security, Deep Security & Vulnerability Protection IPS Rules
1011041 - Microsoft Exchange Server Remote Code Execution Vulnerability (CVE-2021-34473 and ZDI-CAN-18802)
1011548 - Microsoft Exchange Server Remote Code Execution Vulnerability (ZDI-CAN-18333)
-Firepower:
SERVER-WEBAPP Microsoft Exchange autodiscover server side request forgery attempt
SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
-Citrix:
WEB-MISC Microsoft Exchange Server - RCE Vulnerability (CVE-2022-41082, CVE-2022-41040)
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41082
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41040