Vulnerabilities > CVE-2022-41082 - Deserialization of Untrusted Data vulnerability in Microsoft Exchange Server 2013/2016/2019
Attack vector
ADJACENT_NETWORK Attack complexity
LOW Privileges required
LOW Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
Microsoft Exchange Server Remote Code Execution Vulnerability
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 5 |
Common Weakness Enumeration (CWE)
Related news
- MS Exchange zero-days: The calm before the storm? (source)
- ProxyNotShell – the New Proxy Hell? (source)
- Mitigation for Exchange Zero-Days Bypassed! Microsoft Issues New Workarounds (source)
- Microsoft updates mitigation for ProxyNotShell Exchange zero days (source)
- Microsoft Exchange servers hacked to deploy LockBit ransomware (source)
- Microsoft adds new RSS feed for security update notifications (source)
- Microsoft fixes ProxyNotShell Exchange zero-days exploited in attacks (source)
- New Microsoft Exchange exploit chain lets ransomware attackers in (CVE-2022-41080) (source)
- The Week in Ransomware - December 23rd 2022 - Targeting Microsoft Exchange (source)
- Over 60,000 Exchange servers vulnerable to ProxyNotShell attacks (source)
- CISA orders agencies to patch Exchange bug abused by ransomware gang (source)
References
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41082
- https://www.kb.cert.org/vuls/id/915563
- http://packetstormsecurity.com/files/170066/Microsoft-Exchange-ProxyNotShell-Remote-Code-Execution.html
- https://www.secpod.com/blog/microsoft-november-2022-patch-tuesday-patches-65-vulnerabilities-including-6-zero-days/