BleepingComputer reports that Microsoft's mitigations for the actively exploited Microsoft Exchange zero-day flaws, tracked as CVE-2022-41040 and CVE-2022-41082, have been deemed by cybersecurity experts to be significantly inadequate to curb attacks.
Microsoft on Friday recommended disabling remote PowerShell access for non-admin users on on-premises Exchange servers, and advised blocking known attack patterns through an IIS Manager rule while it works on a fix for the vulnerabilities.
However, such a preventive approach could be easily bypassed by threat actors, according to security researcher Jang. ANALYGENCE Senior Vulnerability Analyst Will Dormann concurred, saying the "@" in the URL block provided by Microsoft was too specific and provided insufficient protection.
Researchers at GTSC, who initially identified the bugs, also confirmed the findings of Jang, who suggested a new URL block to cover a broader scope of attacks.
Meanwhile, security researcher Kevin Beaumont has warned organizations that on-premises Exchange servers are vulnerable to potential attacks exploiting the flaw.