# nse-exchange

Nmap NSE scripts to check for the Exchange vulnerability (CVE-2022-41082).
The NSE scripts check the most popular services exposed on the Internet. This is a basic script that checks whether virtual patching works.

## Examples

Since there is currently no patch, the script only checks whether the workarounds are in place to decide if a host is vulnerable.

Simple example:
```
nmap -sV -T4 -v --script=http-vuln-cve2022-41082 scanme.nmap.org
```

Faster run (large subnets):
```
nmap -p443 -T4 -v --script=http-vuln-cve2022-41082 10.0.0.0/16
```

## Sample Output

### Vulnerable

```
nmap -Pn -T4 -p443 --script=http-vuln-cve2022-41082.nse 127.0.0.1

Starting Nmap 7.92 ( https://nmap.org ) at 2022-10-01 13:37 CEST
Nmap scan report for localhost (127.0.0.1)
Host is up (0.030s latency).

PORT    STATE SERVICE
443/tcp open  https
| http-vuln-cve2022-41082:
|   VULNERABLE:
|   Microsoft Exchange - 0-day RCE
|     State: VULNERABLE
|     IDs:  CVE:CVE-2022-41082
|     Risk factor: High  CVSSv2: 10.0 (HIGH) (AV:N/AC:L/AU:N/C:C/I:C/A:C)
|       Exchange 0-day vuln: CVE-2022-41082
|
|     Disclosure date: 2022-09-29
|     References:
|       https://vulners.com/cve/CVE-2022-41082
|       https://microsoft.github.io/CSS-Exchange/Security/EOMTv2/
|       https://www.microsoft.com/security/blog/2022/09/30/analyzing-attacks-using-the-exchange-vulnerabilities-cve-2022-41040-and-cve-2022-41082/
|_      https://msrc-blog.microsoft.com/2022/09/29/customer-guidance-for-reported-zero-day-vulnerabilities-in-microsoft-exchange-server/

Nmap done: 1 IP address (1 host up) scanned in 0.59 seconds
```

### Not Vulnerable

In this sample run port 443 is closed, so the script has nothing to test and prints no result.

```
nmap -Pn -T4 -p443 --script=http-vuln-cve2022-41082.nse scanme.nmap.org

Starting Nmap 7.92 ( https://nmap.org ) at 2022-10-01 13:39 CEST
Nmap scan report for scanme.nmap.org (45.33.32.156)
Host is up (0.17s latency).

PORT    STATE  SERVICE
443/tcp closed https

Nmap done: 1 IP address (1 host up) scanned in 1.62 seconds
```
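
For runs over large subnets, output in the format shown above can be triaged mechanically. The following is an added example, not part of the nse-exchange project: it assumes the scan was saved as normal output with `-oN`, and the function names `triage_scan` and `sample_scan` as well as the hosts in the sample are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: triage nmap normal output (-oN) from http-vuln-cve2022-41082.
# Prints "<host> <status>" per host:
#   VULNERABLE  script reported "State: VULNERABLE" on the chosen port
#   NO_FINDING  port open, script printed no vulnerable state
#   NOT_TESTED  port not open, so the script never ran against it
triage_scan() {  # usage: triage_scan FILE [PORT]   (PORT defaults to 443)
  awk -v port="${2:-443}" -v script="http-vuln-cve2022-41082" '
    function emit() { if (host != "") print host, status }
    /^Nmap scan report for / {
      emit()
      host = $NF; gsub(/[()]/, "", host)    # use the IP when a name is shown
      status = "NOT_TESTED"; on_port = 0; in_script = 0
    }
    /^[0-9]+\/tcp/ {
      in_script = 0
      on_port = ($1 == (port "/tcp"))
      if (on_port && $2 == "open") status = "NO_FINDING"
    }
    # "| <script-id>:" opens a script block; only ours on our port counts
    /^[|] [^ ]/ { in_script = (on_port && $2 == (script ":")) }
    in_script && /State: VULNERABLE/ { status = "VULNERABLE" }
    END { emit() }
  ' "$1"
}

# Constructed sample input (documentation addresses), not real scan data.
sample_scan() {
  cat <<'EOF'
Nmap scan report for mail-a.example (192.0.2.10)
Host is up (0.030s latency).

PORT    STATE SERVICE
443/tcp open  https
| http-vuln-cve2022-41082:
|   VULNERABLE:
|   Microsoft Exchange - 0-day RCE
|     State: VULNERABLE
|_    IDs:  CVE:CVE-2022-41082

Nmap scan report for 192.0.2.11
PORT    STATE SERVICE
443/tcp open  https

Nmap scan report for 192.0.2.12
PORT    STATE  SERVICE
443/tcp closed https
EOF
}
```

Hosts reported as `NOT_TESTED` need a follow-up check on the port Exchange actually listens on before they are treated as mitigated.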

# References

General references and links about the vulnerability.

## Microsoft

[Microsoft Blog](https://www.microsoft.com/security/blog/2022/09/30/analyzing-attacks-using-the-exchange-vulnerabilities-cve-2022-41040-and-cve-2022-41082/) - Microsoft blog about CVE-2022-41082

[Microsoft Mitigation Tool](https://microsoft.github.io/CSS-Exchange/Security/EOMTv2) - Microsoft Exchange On-premises Mitigation Tool v2

[Microsoft Guidance](https://msrc-blog.microsoft.com/2022/09/29/customer-guidance-for-reported-zero-day-vulnerabilities-in-microsoft-exchange-server/) - Microsoft Customer Guidance for Reported Zero-day Vulnerabilities in Microsoft Exchange Server

## Other testing tools

[VNCERT-CC 0dayex-checker](https://github.com/VNCERT-CC/0dayex-checker) - Zeroday Microsoft Exchange Server checker (Virtual Patching checker)


# Credits

Authored by Vlatko Kosturjak (Diverto). Thanks to Dalibor S.