CISA mandates agencies to patch two privilege escalation flaws

The Cybersecurity and Infrastructure Security Agency (CISA) gave all Federal Civilian Executive Branch Agencies (FCEB) three weeks until January 31st to address two security flaws and block potential attacks.

The two flaws include a Microsoft Exchange elevation of privileges flaw tracked as CVE-2022-41080 and a privilege escalation zero-day tracked as CVE-2023-21674.

CVE-2022-41080 can be paired with a ProxyNotShell bug tracked as CVE-2022-41082 to gain remote code execution. Already, Play ransomware attackers are exploiting the flaw as a zero-day to bypass Microsoft’s ProxyNotShell URL rewrite mitigations and escalate permissions on compromised Exchange servers.

Since the exploit used in the attack has already been publicly provided, more attackers are attempting to exploit the flaw. Organizations with on-premises Microsoft Exchange servers are therefore advised to deploy the latest Exchange security updates immediately or disable Outlook Web Access (OWA) until they can apply CVE-2022-41080 patches.

The second flaw (CVE-2023-21674), a privilege escalation zero-day in the Windows Advanced Local Procedure Call (ALPC) is also being exploited by attackers.

The sources for this piece include an article in BleepingComputer.

IT World Canada Staff
IT World Canada Staff
The online resource for Canadian Information Technology professionals.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

ITW in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

More Best of The Web