CISA: Immediate patching for Lorenz ransomware-exploited Exchange flaw needed

The Cybersecurity and Infrastrastructure Security Agency has updated its Known Exploited Vulnerabilities Catalog with two more security flaws, including a Microsoft Exchange privilege escalation bug, tracked as CVE-2022-41080, according to BleepingComputer. Such a vulnerability has been added to CISA's KEV catalog after Rackspace confirmed that it had been leveraged by the Play ransomware gang to evade ProxyNotShell URL rewrite mitigations issued by Microsoft and facilitate escalation of permissions on compromised Exchange servers. Other attackers could also use the OWASSRF exploit in attacks. CISA has also included a zero-day privilege escalation bug in the Windows Advanced Local Procedure Call, which has been addressed as part of this month's Patch Tuesday. Federal agencies have been ordered to remediate the newly-added vulnerabilities by the end of the month but all organizations have also been urged to apply the necessary fixes for the flaws. "These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise," said CISA.