CISA directs agencies to fix Exchange bug exploited by ransomware gang

The Cybersecurity and Infrastructure Security Agency (CISA) has today added two more security flaws to its list of exploited bugs.

The first is a Microsoft Exchange privilege escalation bug (CVE-2022-4080) that can be chained with the CVE-2022-4082 ProxyNotShell bug to gain remote code execution.

Rackspace that Play ransomware exploited it to get around Microsoft’s . It also escalated permissions on the compromised Exchange servers.

CrowdStrike security experts spotted the exploit and gave it the name. It was also along with other ransomware tools like Play.

It will be easier for cybercriminals to create custom exploits and adapt the Play ransomware tool to their needs, which increases the need to patch the vulnerability quickly.

Organisations with on-premises Microsoft Exchange servers should immediately deploy the most recent Exchange security updates (November 2022 is the minimum patch level) or disable Outlook Web Access (OWA) until they are able to apply the CVE-2022-4080 patches.

The second vulnerability CISA has added to its Known Exploited Vulnerabilities (KEV) catalogue is a privilege escalation zero-day ( ) within the Windows Advanced Local Procedure Call (ALPC). This was tagged as exploitable in attacks, and Microsoft patched it during .

Federal agencies must patch by January 31st

CISA issued BOD 22-01, a directive requiring all Federal Civilian Executive Branch (FCEB) agencies to protect their networks from bugs added to the KEV catalogue.

Today, CISA gave FCEB agencies three weeks to fix the security holes and prevent potential attacks on their systems.

Although this directive is only applicable to U.S. Federal agencies, CISA strongly encouraged all other organizations to address these vulnerabilities in order to prevent exploitation attempts.

CISA warned today that these types of vulnerabilities can be exploited by malicious cyber actors and are a frequent threat to the federal enterprise.

CISA has added over 800 vulnerabilities to its bug list since issuing the BOD 22-01 directive. Federal agencies must address these flaws on a stricter schedule in order to avoid security breaches.