Microsoft Reports Zero-Day Vulnerabilities in Microsoft Exchange Server – CVE-2022-41040, CVE-2022-41082

Alert Severity: High

Issue Date: 2022-09-29

CVE(s): CVE-2022-41040, CVE-2022-41082

Impacted Products and Versions: Microsoft Exchange Server 2013, 2016, and 2019

Description:

Microsoft has reported two zero-day vulnerabilities affecting Microsoft Exchange Server 2013, 2016, and 2019. The first, CVE-2022-41040, is a server-side request forgery (SSRF) vulnerability. The second, CVE-2022-41082, allows remote code execution (RCE) when PowerShell is accessible to the attacker.

Mitigation:

The current mitigation is to add a blocking rule in “IIS Manager -> Default Web Site -> Autodiscover -> URL Rewrite -> Actions” to block the known attack patterns. 

Microsoft has confirmed that the following URL Rewrite instructions, which are currently being discussed publicly, are successful in breaking current attack chains.

There is no impact from this vulnerability on Microsoft Exchange Online.
