Security researchers have found scammers selling fake proof-of-concept (PoC) exploits for ProxyNotShell, the pair of recently confirmed Microsoft Exchange Server zero-day vulnerabilities. By impersonating legitimate researchers, the scammers are trying to pass off non-functional "exploits" for money.
Over the weekend, Microsoft confirmed two new vulnerabilities in Exchange Server.
Microsoft is tracking the flaws as CVE-2022-41040 and CVE-2022-41082. It describes the first as a Server-Side Request Forgery (SSRF) bug, and the second as a remote code execution (RCE) bug that can be triggered through PowerShell when the attacker can reach it. Both require authenticated access to the Exchange server, which is why the SSRF is chained with the RCE in the observed attacks.
In its guidance for the flaws, Microsoft says it has seen targeted attacks against 10 organisations in which the two vulnerabilities were chained together, and it believes the attacks come from a single state-sponsored group.
Microsoft and the other researchers working on these bugs are so far keeping technical details private to stop more threat actors from learning how to exploit them. For now, only a small pool of attackers appears to have a working exploit.
However, at least one scammer has seized on that secrecy. On GitHub, this person or group is creating repositories that pose as proof-of-concept exploits for both CVE-2022-41040 and CVE-2022-41082.
John Hammond from Huntress Labs has been tracking the scammers and documenting their activity on Twitter. He found five accounts selling fake exploits: ‘jml4da’, ‘TimWallbey’, ‘Liu Zhao Khin (0daylabin)’, ‘R007er’, and ‘spher0x’. All five have since been removed from GitHub.
It is likely that more scammers will try to take advantage of the situation, since genuine Microsoft Exchange Server zero-day exploits can sell for hundreds of thousands of dollars. Needless to say, you should not hand over any cash or crypto to anyone claiming to have an exploit. The same caution applies to running such code: a repository claiming to be a ProxyNotShell PoC should be treated as untrusted, and never executed on a production system or outside an isolated lab.