
Experts: Mitigations for Exchange server zero-days lacking

BleepingComputer reports that cybersecurity experts consider Microsoft's mitigations for the actively exploited Microsoft Exchange zero-day flaws, tracked as CVE-2022-41040 and CVE-2022-41082, significantly inadequate to curb attacks. On Friday, while working on a fix for the vulnerabilities, Microsoft recommended that on-premises Exchange servers disable remote PowerShell access for non-admin users and block known attack patterns with an IIS Manager URL Rewrite rule. According to security researcher Jang, however, threat actors could easily bypass this preventive approach. ANALYGENCE Senior Vulnerability Analyst Will Dormann concurred, saying the "@" in the URL block pattern Microsoft provided was too specific and offered insufficient protection. Researchers at GTSC, who initially identified the bugs, also confirmed Jang's findings; Jang has suggested a new URL block pattern that covers a broader range of attacks. Meanwhile, security researcher Kevin Beaumont has warned organizations that on-premises Exchange servers remain vulnerable to attacks exploiting the flaws.
