"US CISA adds MS Exchange bug CVE-2022-41080 to its Known Exploited Vulnerabilities Catalog"
The US Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) has added two more vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog. The first flaw is a Microsoft Exchange server privilege escalation vulnerability, tracked as CVE-2022-41080. The vulnerability, together with CVE-2022-41082 (ProxyNotShell), can be used for Remote Code Execution (RCE). The Play ransomware group exploited the vulnerability in a recent attack against the Cloud services provider Rackspace. On December 2, 2022, the threat actors used a previously undisclosed security vulnerability, called OWASSRF by Crowdstrike, for initial access to the Rackspace Hosted Microsoft Exchange. The new exploit chain circumvents Microsoft's ProxyNotShell vulnerability mitigations. Experts from the government warn that other ransomware gangs could use the same exploit chain in the wild. The second vulnerability added to the KEV Catalog is a Microsoft Windows Advanced Local Procedure Call (ALPC) privilege escalation flaw, tracked as CVE-2023-21674, with a CVSS score of 8.8. The ALPC elevation of privilege bug could lead to a browser sandbox escape. This vulnerability allows an attacker to gain SYSTEM privileges. This article continues to discuss the two new vulnerabilities added to CISA's KEV Catalog.