CISA Adds CVE-2022-41080 and CVE-2023-21674 to the Known Exploited Vulnerabilities Catalog

FortiGuard Labs is aware that the Cybersecurity & Infrastructure Security Agency (CISA) added CVE-2022-41080 (Microsoft Exchange Server Elevation of Privilege Vulnerability) and CVE-2023-21674 (Microsoft Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability) to their Known Exploited Vulnerabilities catalog on January 10, 2023. The catalog list vulnerabilities that are being actively exploited in the wild and require federal agencies to apply patches by the due date.Why is this Significant?This is significant because CVE-2022-41080 (Microsoft Exchange Server Elevation of Privilege Vulnerability) and CVE-2023-21674 (Microsoft Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability) both on CISA’s Known Exploited Vulnerabilities Catalog are being actively exploited in the wild. As such, patches should be applied to both vulnerabilities as soon as possible.Successful exploitation of CVE-2022-41080 allows attackers to elevate privileges and perform malicious activities. The vulnerability has a CVSS score of 8.8.CVE-2023-21674 can be leveraged for a browser sandbox escape to gain SYSTEM privileges in vulnerable systems. The vulnerability has a CVSS score of 8.8.Has the Vendor Released a Patch for CVE-2022-41080 and CVE-2023-21674?Yes. Patches for CVE-2022-41080 and CVE-2023-21674 are available.What is the Status of Protection?FortiGuard Labs have the following IPS protection in place for CVE-2022-41080 and CVE-2023-21674:CVE-2022-41080MS.Exchange.Server.OWA.Remote.Code.Execution (default action is set to “pass”)CVE-2023-21674Microsoft Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability (default action is set to “pass”)

Read More