Security News > 2022 > September > Microsoft Confirms 2 New Exchange Zero-Day Flaws Being Used in the Wild

Microsoft Confirms 2 New Exchange Zero-Day Flaws Being Used in the Wild
2022-09-30 09:01

Microsoft officially disclosed it investigating two zero-day security vulnerabilities impacting Exchange Server 2013, 2016, and 2019 following reports of in-the-wild exploitation.

"The first vulnerability, identified as CVE-2022-41040, is a Server-Side Request Forgery vulnerability, while the second, identified as CVE-2022-41082, allows remote code execution when PowerShell is accessible to the attacker," the tech giant said.

The company also confirmed that it's aware of "Limited targeted attacks" weaponizing the flaws to obtain initial access to targeted systems, but emphasized that authenticated access to the vulnerable Exchange Server is required to achieve successful exploitation.

The attacks detailed by Microsoft show that the two flaws are stringed together in an exploit chain, with the SSRF bug enabling an authenticated adversary to remotely trigger arbitrary code execution.

The Redmond-based company also confirmed that it's working on an "Accelerated timeline" to push a fix, while urging on premises Microsoft Exchange customers to add a blocking rule in IIS Manager as a temporary workaround to mitigate potential threats.

It's worth noting that Microsoft Exchange Online Customers are not affected.


News URL

https://thehackernews.com/2022/09/microsoft-confirms-2-new-exchange-zero.html

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2022-10-03 CVE-2022-41082 Deserialization of Untrusted Data vulnerability in Microsoft Exchange Server 2013/2016/2019
Microsoft Exchange Server Remote Code Execution Vulnerability
0.0
2022-10-03 CVE-2022-41040 Server-Side Request Forgery (SSRF) vulnerability in Microsoft Exchange Server 2013/2016/2019
Microsoft Exchange Server Elevation of Privilege Vulnerability
0.0

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Microsoft 365 50 1369 2819 161 4399