{
    "file_item": {
        "filepath": "security-advisories",
        "filename": "CERT-EU-SA2022-068.pdf"
    },
    "title": "UPDATE: New Microsoft Exchange Zero-Day Vulnerabilities",
    "serial_number": "2022-068",
    "publish_date": "21-12-2022 12:50:00",
    "description": "On September 28, 2022, the security researchers at Vietnamese cybersecurity vendor GTSC published a blog post claiming they have discovered an attack campaign which utilised two zero-day bugs in Microsoft Exchange that could allow an attacker a remote code execution. The attackers are chaining the pair of zero-days to deploy web shells, notably China Choppers, on compromised servers for persistence and data theft, as well as move laterally to other systems on the victims' networks.<br>Microsoft had identified the vulnerabilities as CVE-2022-41040, a Server-Side Request Forgery (SSRF) vulnerability, while the second, identified as CVE-2022-41082, allows remote code execution (RCE) when PowerShell is accessible to the attacker. CrowdStrike recently discovered a new exploit method (called OWASSRF) consisting of CVE-2022-41080 and CVE-2022-41082 to achieve remote code execution (RCE) through Outlook Web Access (OWA).",
    "url_title": "2022-068",
    "content_markdown": null,
    "content_html": null,
    "licence": {
        "title": "Creative Commons Attribution 4.0 International (CC-BY 4.0)",
        "link": "https://creativecommons.org/licenses/by/4.0/",
        "restrictions": "https://cert.europa.eu/legal-notice",
        "author": "The Cybersecurity Service for the Union institutions, bodies, offices and agencies"
    }
}