CVE-2022-38784 is a vulnerability that affects Microsoft Exchange Server. The vulnerability was discovered in June 2022 and was assigned a critical severity rating of 9.8 out of 10. It is caused by improper validation of user-supplied data in the ECP module of Exchange Server, which allows remote attackers to execute arbitrary code with SYSTEM privileges on the target system.
This vulnerability was actively exploited by threat actors within days of its disclosure. The exploitation attempts primarily targeted organizations in the United States and Europe. The attacks involved the deployment of a web shell onto the compromised servers, giving attackers complete control over the victim's system. According to Microsoft, the attacks were likely carried out by a Chinese state-sponsored hacking group known as Hafnium.
In response to this vulnerability, Microsoft released emergency patches for all affected versions of Exchange Server. Organizations were advised to apply the updates immediately to prevent exploitation. Additionally, Microsoft recommended that organizations review their network perimeter defenses and implement multi-factor authentication and least-privilege access controls to reduce the risk of future attacks.