ZDI-23-1578
ZDI-23-1579
ZDI-23-1580
ZDI-23-1581
Discovered: 9/7/2023
Impacted Tech: Microsoft Exchange
Attacker Requirements: Authentication
Highlights:
Trend Micro’s Zero Day Initiative (ZDI) has disclosed four zero-day vulnerabilities in Microsoft Exchange that an authenticated attacker can exploit to execute arbitrary code remotely or to disclose sensitive information on affected installations.
Microsoft has deferred fixes for these vulnerabilities, stating that the flaws were not severe enough to warrant immediate servicing.
The first, ZDI-23-1578, is a remote code execution (RCE) flaw caused by deserialization of untrusted data. An attacker who exploits it can execute arbitrary code in the context of SYSTEM, the highest-privileged account on Windows. Microsoft’s position is that this vulnerability was addressed in the August 2023 security update.
ZDI-23-1579 allows an attacker to disclose sensitive information from an Exchange server because a URI is not sufficiently validated before the server accesses the resource it names.
ZDI-23-1580 and ZDI-23-1581 stem from the same class of flaw, improper URI validation, and can likewise lead to unauthorized information disclosure.
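The advisories do not publish the affected Exchange code paths, so the following is an added, generic illustration of the flaw class behind ZDI-23-1579 through ZDI-23-1581 rather than ZDI’s or Microsoft’s code: a server-side fetch of a caller-supplied URI guarded only by a scheme prefix check, beside a hardened validator. The resolver table, hostnames and addresses are constructed for the example so that it runs offline.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed stand-in for DNS so the example runs offline (hypothetical hosts).
FAKE_DNS = {
    "marketplace.example.com": ["93.184.216.34"],
    "intranet.corp.example": ["10.20.30.40"],
    # One public and one loopback answer, as a rebinding or split-horizon host would give.
    "rebind.example.net": ["93.184.216.34", "127.0.0.1"],
}


def fake_resolve(host: str) -> list[str]:
    """Return addresses for a host: literal IPs pass through, names use FAKE_DNS."""
    try:
        return [str(ipaddress.ip_address(host))]
    except ValueError:
        return FAKE_DNS.get(host.lower(), [])


def weak_is_allowed(uri: str) -> bool:
    """Insufficient validation: a scheme prefix check and nothing else.

    It accepts loopback, link-local and RFC 1918 targets, credentials in the
    authority, non-standard ports, and any name that resolves internally, so
    the server can be pointed at resources the caller could not reach directly.
    """
    return uri.lower().startswith(("http://", "https://"))


ALLOWED_SCHEMES = {"http", "https"}
ALLOWED_PORTS = {80, 443}


def is_public_address(addr: str) -> bool:
    """True only for globally routable unicast addresses (v4 or v6)."""
    ip = ipaddress.ip_address(addr)
    return ip.is_global and not ip.is_multicast


def strict_is_allowed(uri: str, resolve=fake_resolve) -> bool:
    """Hardened validation for a server-side fetch of a caller-supplied URI.

    Rejects anything that is not http(s) on a standard port, any userinfo in
    the authority, and any host whose *every* resolved address is not public.
    """
    try:
        parts = urlsplit(uri)
        host = parts.hostname   # lower-cased, brackets stripped for IPv6 literals
        port = parts.port       # raises ValueError on a malformed or out-of-range port
    except ValueError:
        return False
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False
    if parts.username is not None or parts.password is not None:
        return False            # blocks the "http://trusted@169.254.169.254/" trick
    if not host:
        return False
    if port is not None and port not in ALLOWED_PORTS:
        return False
    addrs = resolve(host)
    if not addrs:
        return False            # unresolvable: fail closed
    return all(is_public_address(a) for a in addrs)


if __name__ == "__main__":
    for candidate in (
        "https://marketplace.example.com/catalog",
        "http://169.254.169.254/latest/meta-data/",
        "http://trusted@169.254.169.254/",
        "http://[::1]/",
        "file:///etc/passwd",
        "http://intranet.corp.example/",
        "http://rebind.example.net/",
    ):
        print(f"{candidate:45} weak={weak_is_allowed(candidate)!s:5} strict={strict_is_allowed(candidate)}")
```

Two caveats a practitioner will want beyond the validator itself: the fetch must connect to the address that was validated (otherwise a second DNS lookup reopens the rebinding window), and any HTTP redirect must be re-validated before it is followed, since a redirect to an internal address bypasses a check made only on the original URI.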
Mitigation:
In the absence of patches, ZDI’s standard guidance applies: restrict interaction with the affected Exchange services to trusted users and networks. Because all four flaws require authentication, customers are also strongly advised to enforce multi-factor authentication on Exchange accounts, so that compromised credentials alone do not give an attacker the authenticated foothold needed to exploit them.