Summary:
On September 29, 2022, the Microsoft Security Response Center (MSRC) confirmed attacks exploiting two reported zero-day vulnerabilities (CVE-2022-41040 and CVE-2022-41082) in Microsoft Exchange Server. The issues affect on-premises Microsoft Exchange Server versions 2013, 2016, and 2019.
According to MSRC, CVE-2022-41040 is a server-side request forgery (SSRF) vulnerability. CVE-2022-41082 creates the conditions that allow remote code execution (RCE) if the threat actor has PowerShell access. The SSRF enables a threat actor to remotely trigger the RCE. The threat actor must have authenticated access to exploit these vulnerabilities. Threat actors are reportedly scanning for and exploiting vulnerable Exchange servers.
Recommended actions:
Until patches are available, Our security partners recommend that customers review the MSRC blog post and apply the mitigation guidance as appropriate in their environments.
Questions:
If you have any questions or concerns about this advisory, please contact us via our support desk – support@empsn.org.uk