November 3, 2023 at 11:22AM
Microsoft Exchange is affected by four zero-day vulnerabilities, as reported by Trend Micro’s Zero Day Initiative (ZDI). Although Microsoft acknowledged the flaws, it postponed fixing them, which led ZDI to publish details so that Exchange administrators are warned. The vulnerabilities allow remote code execution and unauthorized information disclosure, putting sensitive data at risk of exposure. Exploitation requires authentication, but cybercriminals have various methods of obtaining Exchange credentials. Restricting interaction with Exchange apps and implementing multi-factor authentication are the suggested mitigations. Microsoft has not yet responded to ZDI’s disclosure.
Key takeaways:
1. Microsoft Exchange is affected by four zero-day vulnerabilities that can be exploited remotely to execute arbitrary code or disclose sensitive information.
2. The vulnerabilities were disclosed by Trend Micro’s Zero Day Initiative (ZDI) and reported to Microsoft on September 7th and 8th, 2023.
3. Microsoft’s security engineers determined that the flaws were not severe enough to warrant immediate servicing and decided to postpone the fixes.
4. ZDI disagreed with Microsoft’s response and decided to publish the flaws under its own tracking IDs to warn Exchange admins about the security risks.
5. The vulnerabilities have been summarized as follows:
– ZDI-23-1578: Remote code execution (RCE) flaw in the ‘ChainedSerializationBinder’ class.
– ZDI-23-1579: Flaw in the ‘DownloadDataFromUri’ method that allows access to sensitive information.
– ZDI-23-1580: Vulnerability in the ‘DownloadDataFromOfficeMarketPlace’ method that may lead to unauthorized information disclosure.
– ZDI-23-1581: Flaw in the ‘CreateAttachmentFromUri’ method that risks exposing sensitive data.
6. All the vulnerabilities require authentication for exploitation, which reduces their severity rating. However, cybercriminals have various methods to obtain Exchange credentials.
7. The RCE vulnerability (ZDI-23-1578) is particularly concerning as it can result in a complete system compromise.
8. ZDI suggests restricting interaction with Exchange apps as a mitigation strategy, but this may be disruptive for businesses and organizations using the product.
9. Implementing multi-factor authentication is recommended to prevent unauthorized access to Exchange instances, even if account credentials are compromised.
10. BleepingComputer has reached out to Microsoft for comment on ZDI’s disclosure and is awaiting a response.