News

13/01/2022

Critical HTTP and Microsoft Exchange Server vulnerabilities – Remote Code Execution

Summary:

On January 11, 2022, Microsoft released patches for critical and important remote code execution (RCE) vulnerabilities that could be appealing to threat actors. There are no reports of active exploitation as of this publication, but Microsoft labeled them as “exploitation more likely.”

HTTP protocol stack vulnerability CVE-2022-21907 impacts multiple Windows versions. The vulnerability affects http.sys, which is a Windows web server implementation that runs in kernel mode. Microsoft describes the vulnerability as “wormable,” meaning that it could be remotely exploited and enable malicious code to spread from one host to another without user interaction.

CVE-2022-21846, CVE-2022-21855, and CVE-2022-21969 could allow threat actors to take control of Exchange servers. These vulnerabilities impact Exchange Server 2013, 2016, and 2019. Threat actors must have an existing foothold in an environment to exploit these vulnerabilities.

Recommendation(s):

Customers should review the Microsoft guidance listed in the References section and apply patches and mitigations as appropriate in their environments.

Questions:

If you have any questions or concerns about this advisory, please contact us via our support desk – support@empsn.org.uk

References:

Related Posts

17/01/2024
Ivanti vulnerabilities (CVE-2023-46805, CVE-2024-21887) in widespread exploitation – Action Recommended

Summary: January 10, 2024, Ivanti published an advisory regarding two vulnerabilities (CVE-2023-46805 and CVE-2024-21887) that impact all supported versions of the Connect Secure (formerly known as Pulse Connect Secure) and Policy Secure gateways. CVE-2023-46805 is… More »

News
18/12/2023
Critical Apache Struts 2 vulnerability (CVE-2023-50164) in active exploitation – Action Recommended

Summary: Apache disclosed a critical vulnerability (CVE-2023-50164) in the Apache Struts 2 open-source framework. Successful exploitation can allow an attacker to manipulate file upload parameters to enable path traversal and upload a malicious file. The… More »

News
13/12/2023
2023 Christmas Checklist

To prepare for your Christmas break, please take a minute to read the below checklist, to help make sure there are no unwanted interruptions over the festive period, or in fact any uninvited surprises waiting… More »

News

Keeping Up To Date With Us Is Easy, Sign Up To Our Newsletter Today!

Stay in touch with emPSN, so that you get the latest e-safety advice and invites to our community events.

Our partners