Rackspace: Ransomware Bypasses ProxyNotShell Mitigations

 

According to Rackspace Technology, a cloud hosting company that provides managed cloud services, the massive December 2 attacks prompted the company to take action. The attack disrupted email services for thousands of small and midsized businesses and relied on a zero-day exploit against a server-side request forgery (SSRF) vulnerability in Microsoft Exchange Server, tracked as CVE-2022-41080.
In an email response, Karen O’Reilly-Smith, the chief security officer at Rackspace, said the root cause was a zero-day exploit associated with CVE-2022-41080. Microsoft reportedly disclosed CVE-2022-41080 as a privilege escalation vulnerability and did not note that it was part of an exploitable remote execution chain.
According to a third-party advisor to Rackspace, the company had not yet applied the ProxyNotShell patch because it was concerned that the patch might cause “authentication errors” that could take down its Exchange servers, along with other potential issues. Rackspace had already implemented the mitigations Microsoft recommended for the vulnerabilities, which the software giant had deemed a means of preventing attacks.
A security firm called CrowdStrike was hired by Rackspace fo

[…]
Content was cut in order to protect the source. Please visit the source for the rest of the article.

This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
