Published September 30, 2022
Recently, a new attack campaign against on-premises Microsoft Exchange servers was announced. The exploits leverage CVE-2022-41040 and CVE-2022-41082 to achieve Remote Code Execution (RCE) on Microsoft Exchange. Administrators are urged to follow Microsoft’s guidance in mitigating exposure until Microsoft makes a patch available.
How can RocketCyber help?
RocketCyber has been monitoring customer environments for suspicious activity using our Advanced Breach Detection App to detect compromises and create security incidents for exploits that leverage vulnerabilities such as these.
Additionally, we have deployed an update to our Microsoft Exchange Hafnium Exploit Detection App to perform additional detection of indicators of compromise (IoC) specific to these new Microsoft vulnerabilities. We have renamed the App “Microsoft Exchange Exploit Detection” to reflect its ability to detect multiple types of Exchange exploits under active attack.
Please make sure that these apps are enabled in your RocketCyber App Store so that a compromise is detected.
Our SOC team will continue to monitor the situation around the clock, and you will be notified if additional action is required.