The Australian Cyber Security Centre (ACSC) has reported zero-day vulnerabilities associated with Microsoft Exchange Server 2013, 2016 and 2019.
Microsoft has published the Common Vulnerabilities and Exposures (CVE) identifiers assigned to these vulnerabilities:
- CVE-2022-41082 – remote code execution vulnerability
- CVE-2022-41040 – elevation of privilege vulnerability
Historical CVEs related to ProxyShell have also been noted, including:
- CVE-2021-34473 – pre-auth path confusion leads to ACL bypass (patched in April by KB5001779).
- CVE-2021-34523 – elevation of privilege on Exchange PowerShell backend (patched in April by KB5001779).
- CVE-2021-31207 – post-auth arbitrary-file-write leads to RCE (patched in May by KB5003435).
Organisations that have yet to deploy mitigations, or that have suffered breaches, have been urged to search for post-exploitation activity, including the deployment of webshells.
The ACSC has advised stakeholders to monitor the situation and has encouraged impacted organisations to report the incidents to the agency.
Thus far, the ACSC is not aware of successful exploitation within Australia.