It's a new day — oh so bright — full of new opportunities.
Zero-day vulnerability in Microsoft Exchange Server. The new zero-day vulnerability in Microsoft Exchange Server makes attacks more dangerous than ever.
Before diving into the zero-day, let's understand some of the basics first.
What is a zero-day attack?
A zero-day is the exploitation of a vulnerability before there is a fix for it.
Let's understand this with an example:
A vulnerability may already exist in a system or technology, but as long as nobody knows about it, it is not a problem for the company: since no one has found it, it is as if there were no vulnerability in that system.
But once the vulnerability is found, there are two cases.
First case: A security researcher finds the vulnerability and reports it to the company. In that case, the company patches it and rewards the researcher with a bounty, which can be money or swag.
Second case: A malware author finds the vulnerability, writes an exploit for it, and releases it to the public. Now everyone using that technology is at risk.
If malware exploiting a specific vulnerability is discovered “in the wild” before a fix for that vulnerability is available, the company has had zero days to fix the problem, which is why it is called a zero-day.
How do hackers find zero-day exploits?
First of all, it takes a lot of effort. It's essentially a trial-and-error method.
To find a zero-day exploit, hackers need to put in a lot of work. First, they need to find a bug in the application that can be exploited. The easiest way to do that is to crash the application, that is, to do something that causes it to enter a bad state and terminate.
A crash is usually the result of a bug in the program that makes it enter a state the programmer did not intend, and is thus an entry door for exploiting the software (with the proper input).
There are many ways to find a crash. The most common one is fuzzing: feeding the program millions of different inputs and hoping one of them crashes it. Robust applications such as Acrobat Reader will usually not yield anything this way. Many other, more advanced methods are available.
Once a crash is found, it needs to be reverse-engineered. The hacker needs to understand what exactly is going on in the program, and thus why exactly it is crashing. Once that is clear, the hacker knows how to manipulate the crash so that the program does something else instead of crashing.
At that point, the hacker develops an exploit: a relatively simple script that provides input to the application in a way that causes the bug to do something the hacker expects, such as running code from the Internet.
This exploit is called a zero-day exploit. It remains a zero-day until it has circulated enough that people notice the existence of the bug in that software, report it, and the vendor starts fixing it.
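To make the fuzz-then-triage loop described above concrete, here is an added example (not code from the original post): a minimal mutation fuzzer in Python that throws mutated inputs at a constructed toy parser with a deliberate bounds bug, keeps one sample per distinct crash site, and re-runs saved inputs to confirm they reproduce. This is the same loop a vendor's own test suite runs to find such bugs before anyone else does; the parser, the mutation operators and the seed input are all assumptions made for this example.

```python
import random
import traceback

def parse_record(data: bytes) -> list:
    """Constructed toy target: [count][len0][bytes0][len1][bytes1]... with a deliberate
    bounds bug, so truncated or corrupted input raises IndexError (our stand-in for a crash)."""
    count = data[0]
    pos = 1
    fields = []
    for _ in range(count):
        length = data[pos]  # trusts the count/length bytes: no bounds check, the crash lives here
        pos += 1
        fields.append(data[pos:pos + length])
        pos += length
    return fields

def mutate(data: bytes, rng: random.Random) -> bytes:
    """One random byte-level mutation: bit flip, insert, delete or truncate."""
    buf = bytearray(data)
    op = rng.randrange(4)
    if op == 0 and buf:
        buf[rng.randrange(len(buf))] ^= 1 << rng.randrange(8)
    elif op == 1:
        buf.insert(rng.randrange(len(buf) + 1), rng.randrange(256))
    elif op == 2 and buf:
        del buf[rng.randrange(len(buf))]
    else:
        buf = buf[:rng.randrange(len(buf) + 1)]
    return bytes(buf)

def fuzz(target, seeds, iterations=5000, seed=1) -> dict:
    """Feed mutated seeds to target; keep one sample per (exception type, line) crash site."""
    rng = random.Random(seed)
    crashes = {}
    for _ in range(iterations):
        sample = mutate(rng.choice(seeds), rng)
        try:
            target(sample)
        except Exception as exc:
            frame = traceback.extract_tb(exc.__traceback__)[-1]
            crashes.setdefault((type(exc).__name__, frame.lineno), sample)
    return crashes

def reproduces(target, sample) -> bool:
    """Re-run a saved input: only a deterministic crash is worth reverse-engineering."""
    try:
        target(sample)
    except Exception:
        return True
    return False
```

Running `fuzz(parse_record, [b"\x02\x03abc\x01x"])` returns two crash sites (the empty-input read of `data[0]` and the unchecked `data[pos]` read), each with an input that reproduces the crash on demand.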
What is CVE?
CVE stands for Common Vulnerabilities and Exposures. It is a list of publicly disclosed computer security flaws. When someone refers to a CVE, they mean a security flaw that has been assigned a CVE ID number.
Zero-day affecting Microsoft Exchange Server
The CVEs affecting Microsoft Exchange Server are:
CVE-2022-41040
CVE-2022-41082
How to find the vulnerability?
The script to find the vulnerability is on my GitHub.
That is it for this time.
We will meet in another write-up.
Till then, happy hacking.