The Cybersecurity and Infrastructure Security Agency (CISA) added a Microsoft Exchange Server flaw linked to the Play ransomware attack against Rackspace to its catalog of known exploited vulnerabilities (KEV) on Tuesday.
The privilege escalation vulnerability, listed as CVE-2022-41080, is linked to the Dec. 2 ransomware attack that disrupted email access for thousands of Rackspace's Hosted Exchange customers.
According to CrowdStrike, CVE-2022-41080 and CVE-2022-41082 enable remote code execution through Outlook Web Access.
CrowdStrike researchers discovered the attack method while investigating previous attacks by Play ransomware, which has been observed in attacks in Latin America. CISA has not disclosed whether these specific attacks are continuing, but vulnerabilities are usually added to the KEV list based on current activity.
CISA also added CVE-2023-21674, a flaw in Windows Advanced Local Procedure Call (ALPC), to the catalog. According to Automox researchers, the privilege escalation vulnerability occurs when Windows improperly handles calls to ALPC, allowing an attacker to jump from sandboxed execution within Chromium to kernel execution.
The Binding Operational Directive requires federal agencies to take action to remediate the vulnerabilities by January 31st.