Novel Microsoft Exchange zero-day allegedly used in LockBit ransomware attack probed

BleepingComputer reports that Microsoft has launched an investigation on a new Microsoft Exchange server zero-day vulnerability discovered by AhnLab to have been leveraged to facilitate LockBit ransomware attacks. Such a flaw has been exploited by attackers to enable privilege escalation and the theft of nearly 1.3TB of data, as well as network system encryption, a report from AhnLab revealed. "Among the vulnerabilities disclosed after May, there were no reports of vulnerabilities related to remote commands or file creation. Therefore, considering that WebShell was created on July 21, it is expected that the attacker used an undisclosed zero-day vulnerability," AhnLab said in its report. Microsoft is so far working to fix actively exploited Microsoft Exchange zero-days, tracked as CVE-2022-41040 and CVE-2022-41082, which are believed to be different from the one reported by AhnLab due to variations in tactics. "It is presumed that a different attacker used a different zero-day vulnerability," said AhnLab.