1. CVE-2022-42827

Severity - High

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, iOS 16.1 and iPadOS 16. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.

More details : Strobes VI - CVE-2022-42827

Zeroday references:

1. https://www.zero-day.cz/database/726

Patch references:

1. https://www.cybersecurity-help.cz/vdb/SB2022102435
2. https://support.apple.com/en-us/HT213490
3. https://support.apple.com/en-us/HT213489

‍

2. CVE-2022-42458

Severity - Low

More details : Strobes VI - CVE-2022-42458

Zeroday references:

1. https://www.zero-day.cz/database/724

Patch references:

1. https://www.cybersecurity-help.cz/vdb/SB2022101101‍

‍

3. CVE-2022-41082

Severity - High

Microsoft Exchange Server Remote Code Execution Vulnerability.

More details : Strobes VI - CVE-2022-41082

Exploit references: 

1. https://github.com/revers0id/CVE-2022-41082-PoC
2. https://github.com/jml4da/CVE-2022-41082-POC
3. https://github.com/spher0X/CVE-2022-41082-RCE
4. https://github.com/Diverto/nse-exchange
5. https://github.com/SigmaHQ/sigma/blob/master/rules/windows/process_creation/proc_creation_win_webshell_chopper.yml
6. https://github.com/SigmaHQ/sigma/blob/master/rules/windows/file_event/file_event_win_exchange_webshell_drop.yml
7. https://github.com/krc0m/CVE-2022-41082
8. https://github.com/0xR0o7/CVE-2022-41082-MASS-RCE
9. https://github.com/SigmaHQ/sigma/blob/master/rules/windows/file_event/file_event_win_exchange_webshell_drop_suspicious.yml
10. https://github.com/kev-beaumont/CVE-2022-41082-RCE-POC
11. https://github.com/V1rpo/CVE-2022-41082-MASS-RCE
12. https://github.com/kevibeaumont/CVE-2022-41082-RCE-POC
13. https://github.com/b3wT/CVE-2022-41082-MASS-SCANNER
14. https://github.com/t0mby/CVE-2022-41082-RCE
15. https://github.com/t0mby/CVE-2022-41082-MASS-RCE
16. https://github.com/SigmaHQ/sigma/blob/master/rules/windows/file/file_event/file_event_win_exchange_webshell_drop_suspicious.yml
17. https://github.com/SigmaHQ/sigma/blob/master/rules/windows/file/file_event/file_event_win_exchange_webshell_drop.yml
18. https://github.com/backcr4t/CVE-2022-41082-RCE
19. https://github.com/trhacknon/CVE-2022-41082-MASS-SCANNER

Zeroday references:

1. https://www.zero-day.cz/database/722
2. https://portswigger.net/daily-swig/microsoft-confirms-zero-day-exploits-against-exchange-server-in-limited-attacks

Patch references:

1. https://www.cybersecurity-help.cz/vdb/SB2022093001
2. https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41082

‍

4. CVE-2022-41040

Severity - High

Microsoft Exchange Server Elevation of Privilege Vulnerability.

More details: Strobes VI - CVE-2022-41040

Exploit references: 

1. https://github.com/SigmaHQ/sigma/blob/master/rules/windows/process_creation/proc_creation_win_webshell_chopper.yml
2. https://github.com/SigmaHQ/sigma/blob/master/rules/windows/file_event/file_event_win_exchange_webshell_drop.yml
3. https://github.com/numanturle/CVE-2022-41040
4. https://github.com/CentarisCyber/CVE-2022-41040_Mitigation
5. https://github.com/SigmaHQ/sigma/blob/master/rules/windows/file_event/file_event_win_exchange_webshell_drop_suspicious.yml
6. https://github.com/r3dcl1ff/CVE-2022-41040
7. https://github.com/d3duct1v/CVE-2022-41040
8. https://github.com/kev-beaumont/CVE-2022-41040-RCE-POC
9. https://github.com/kevibeaumont/CVE-2022-41040-RCE-POC
10.  https://github.com/gitzero0/ProxyNotShell
11.  https://github.com/kljunowsky/CVE-2022-41040-POC
12.  https://github.com/rjsudlow/proxynotshell-IOC-Checker
13. https://github.com/SigmaHQ/sigma/blob/master/rules/windows/file/file_event/file_event_win_exchange_webshell_drop_suspicious.yml
14. https://github.com/SigmaHQ/sigma/blob/master/rules/windows/file/file_event/file_event_win_exchange_webshell_drop.yml
15.  https://github.com/ITPATJIDR/CVE-2022-41040
16.  https://github.com/TaroballzChen/CVE-2022-41040-metasploit-ProxyNotShell
17.  https://github.com/trhacknon/CVE-2022-41040-metasploit-ProxyNotShell

Zeroday references:

1. https://www.zero-day.cz/database/723
2. https://portswigger.net/daily-swig/microsoft-confirms-zero-day-exploits-against-exchange-server-in-limited-attacks

‍Patch references:

1. https://www.cybersecurity-help.cz/vdb/SB2022093001
2. https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41040

‍

5. CVE-2022-41033

Severity - High

Windows COM+ Event System Service Elevation of Privilege Vulnerability.

More details : Strobes VI - CVE-2022-41033

Zeroday references:

1. https://www.zero-day.cz/database/725

Patch references:

1. https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34715

‍

Zero-Day Attack Prevention:

These exploits are unpredictable, zero-day protection is necessary. Here are some suggestions regarding how to safeguard your software and vulnerable programmes from zero-day attacks.

• Once the security patches are available, update all programmes and software.
• Web application software must be employed to secure the website. You are capable of precisely detecting attacks.
• Install a security package for the internet. It often comprises default-deny protection, heuristic file analysis, smart anti-virus, and sandboxing techniques.

• Operate on sites that are secured with Secure Socket Layer (SSL).
• Go for multiple layer protection with Web application firewalls
• Protect the content of individual transmissions with the help of Virtual LANs.

‍

Stay ahead of threats using Strobes:

Strobes will help you correlate data between vulnerability scans and vulnerability intelligence making sure to keep you updated whenever there is a zero-day in the wild. 

‍