Microsoft has confirmed that the two new zero-day vulnerabilities are being exploited in the wild.
The vulnerabilities are tracked as CVE-2022-41040 and CVE-2022-41082.
In addition, GTSC’s mitigations blocked the attack.
On compromised servers, the attackers chain the pair of zero-days to install China Chopper web shells, which they use to persist, steal data, and move laterally to other systems on the victim's network.
The researchers found the vulnerabilities so critical that an attacker could achieve remote code execution (RCE) on compromised systems.
According to GTSC, the code page used by the web shells points to a Chinese threat group being responsible for the attacks.
The web shells are also associated with AntSword, a Chinese open-source website administration tool that supports web shell management.
The two security flaws haven’t been disclosed by Microsoft and haven’t been assigned a CVE ID.
The researchers notified Microsoft of the security vulnerabilities three weeks ago via the Zero Day Initiative (ZDI).
The issues are tracked as ZDI-CAN-18333 and ZDI-CAN-18802 by its analysts.
The Trend Micro security advisory released Thursday evening confirms that GTSC submitted the two new Microsoft Exchange zero-day vulnerabilities to Microsoft.
The company has also already added zero-day detections to its IPS N-Platform, NX-Platform, and TPS products.
This is a developing story; Microsoft is expected to patch these vulnerabilities soon.