Products
Edge AI
AI Training
GPU Cloud
GPU CloudBoost AI/ML training with servers powered by NVIDIA
AI Inference
Inference at the Edge
Inference at the EdgeAccelerate your ML model inference for fast global performance
Edge Cloud
Compute
Basic VMs
Basic VMsManage workloads on affordable shared virtual servers
Virtual Machines
Virtual MachinesRun apps on customizable dedicated virtual servers
Bare Metal
Bare MetalDeploy apps on powerful dedicated physical servers
Containers
Managed Kubernetes
Managed KubernetesDeploy, manage, and scale Kubernetes clusters easily
Container as a Service
Container as a ServiceRun containerized apps without server provisioning
Container Registry
Container RegistrySecurely store, manage, and deploy container images.
Function as a Service
Function as a ServiceExecute serverless code functions efficiently
Networking
Load Balancer
Load BalancerRoute traffic optimally to improve app performance
5G Network
5G NetworkDeploy apps and securely connect mobile devices via 5G
Virtual Private Cloud
Virtual Private CloudManage resources in a secure isolated private cloud
Hosting
Virtual Servers
Virtual ServersHost on virtual servers with no traffic restrictions
Dedicated Servers
Dedicated ServersHost on physical servers with worldwide availability
Storage
Object Storage
Object StorageStore data in fast and scalable S3-compatible storage
File Shares
File SharesShare files across servers easily using NFS protocol
Databases
Managed PostgreSQL
Managed PostgreSQLProvision fully managed PostgreSQL databases with ease
Monitoring
Managed Logging
Managed LoggingCollect, store, and analyze application logs
About Edge Cloud
Edge Network
Application Performance
CDN
CDNAccelerate dynamic and static content delivery
FastEdge
FastEdgeDeploy serverless apps with low-latency edge computing
Media Delivery
Video Streaming
Video StreamingDeliver high-quality live and on-demand video at scale
DNS
Managed DNS
Managed DNSEnsure application availability with authoritative DNS
Public DNS
Public DNSProtect online privacy with a free DNS resolver
About Edge Network
Edge Security
Network Security
DDoS Protection
DDoS ProtectionProtect your infrastructure from evolving DDoS attacks
Application Security
WAAP
WAAPSecure apps and APIs from DDoS, bots and OWASP attacks
Solutions
By Industry
Gaming
CDN for Gaming
Game Server Protection
Game Development
Retail
CDN for E-commerce
Media & Entertainment
CDN for Video
Metaverse Streaming
TV & Online Broadcasters
Sport Broadcasting
Online Events
Financial Services
Cloud for Financial Services
Technology
Image Optimization
Web Acceleration
Wordpress CDN
Education
Online Education
By Need
Web Acceleration
Web Acceleration
Image Optimization
Wordpress CDN
Security
Game Server Protection
Video Streaming
CDN for Video
Video Hosting
Live Streaming
Availability
Multi-CDN
Cloud
Web Service
Game Development
Online Store
Migration to the Cloud
ERP in the Cloud
Pricing
Resources
Resources
Blog
Case Studies
Ebooks
Reports
White Papers
Events
Documentation
Docs
API
Product Roadmap
Help Center
Gcore Status
Tools
Looking Glass
Speed Test
Developer Tools
Partners
Partners
Intel
Intel | New CPU Generation
Intel | Ice Lakes
Hesp
Equinix
InData Labs
Ampere
Unum
Programs
White Label Solutions
Referral Program
Why Gcore
Company
About Gcore
Press
Awards
Careers
Legal Information
Platform
Network
Infrastructure
Internet Peering Points
Compliance
Under attack?Under attack?
en
Contact usContact us
Contact us

Select the Gcore Platform

Recommended
Gcore Edge Solutions Go to Gcore Platform ā†’ Go to Gcore Platform ā†’

Products:

  • Edge Delivery (CDN)
  • DNS with failover
  • Virtual Machines
  • Bare Metal
  • Cloud Load Balancers
  • Managed Kubernetes
  • AI Infrastructure
  • Edge Security (DDOS+WAF)
  • FaaS
  • Streaming
  • Object Storage
  • ImageStack (Optimize and Resize)
  • Edge Compute (Coming soon)
Show full list
Gcore Hosting Go to Gcore Hosting ā†’
  1. Home
  2. Insights
  3. Mitigation of two new zero-day vulnerabilities in Microsoft Exchange

Mitigation of two new zero-day vulnerabilities in Microsoft Exchange

November 3, 2022 1 min read
Mitigation of two new zero-day vulnerabilities in Microsoft Exchange

On September 29, Microsoft officially disclosed that it is investigating two zero-day vulnerabilities affecting Exchange Server 2013, 2016, and 2019. We prepared this post for users of these products to briefly explain the issue and how you can minimize risk.

What are these vulnerabilities? CVE-2022-41040 is a Server-Side Request Forgery (SSRF) vulnerability, while CVE-2022-41082 allows remote code execution if the attacker has access to PowerShell.

Are they being used in the wild? Yes, Microsoft has officially confirmed that they are. The company is aware of ā€œlimited targeted attacksā€ that use these vulnerabilities to penetrate usersā€™ systems. In these attacks, CVE-2022-41040 can allow an authenticated attacker to trigger CVE-2022-41082 remotely.

However, the risks are quite low. The company emphasized that authenticated access to the vulnerable Exchange Server is required to exploit either of the two vulnerabilities successfully.

How can risks be mitigated? Unfortunately, there are no patches yet. However, if youā€™re a Microsoft Exchange Online user, youā€™re out of danger. The service has built-in detections and mitigations to protect customers.

If youā€™re a Microsoft Exchange Server user, we advise completing both the ā€œURL Rewrite ruleā€ mitigation for CVE-2022-41040 and the ā€œDisable remote PowerShell for non-adminsā€ mitigation for CVE-2022-41082. This will help reduce risks. You can find detailed instructions in the Microsoft Security Response Center.

To be protected from zero-day vulnerabilities, use Gcore NG-WAF. Weā€™ll keep you informed of and safe from any threats.

Table of contents

Try Gcore Security

Mitigation of two new zero-day vulnerabilities in Microsoft Exchange

Related articles

How and why hackers successfully breach major companies, and what you can do to protect yourself
How and why hackers successfully breach major companies, and what you can do to protect yourself
As if businesses didnā€™t have enough cybersecurity concerns to worry about, over the last six months a ransomware group known as Brain Cipher has emerged as a serious threat to some of the worldā€™s largest organizations, hacking into systems and stealing data from targets including governments, consulting firms, and even […]
December 19, 2024 5 min read
4 AI-powered cyber threats and why AI cybersecurity is the most effective response
4 AI-powered cyber threats and why AI cybersecurity is the most effective response
AI is shaping every aspect of our digital lives, including cybersecurity. What was once a field dominated by human ingenuity and manual processes has now become a battleground of algorithms and machine learning systems. The transformative power of AI is undeniable, but it comes with a paradox: itā€™s both a […]
December 17, 2024 4 min read
10 cybersecurity trends set to shape 2025
10 cybersecurity trends set to shape 2025
The 2025 cybersecurity landscape is increasingly complex, driven by sophisticated cyber threats, increased regulation, and rapidly evolving technology. In 2025, organizations will be challenged with protecting sensitive information for their customers while continuing to provide seamless and easy user experiences. Hereā€™s a closer look at ten emerging challenges and threats […]
December 13, 2024 6 min read
Multi-vector attacks and solutions: why you need multi-layer DDoS protection
Multi-vector attacks and solutions: why you need multi-layer DDoS protection
Cyberattacks are more aggressive and adaptable than ever, and DDoS attacks are a prime example of how sophisticated these tactics have become. What used to be straightforward traffic floods have transformed into multi-vector threats that strike at multiple points in a businessā€™s infrastructure. These attacks exploit multiple network layers, targeting […]
December 11, 2024 4 min read
What is edge security? Who needs it and why?
What is edge security? Who needs it and why?
Edge security refers to protecting data, applications, and workloads at the ā€œedgeā€ of a network, close to where users and devices connect, rather than relying solely on centralized security measures. It addresses risks arising from distributed environments, such as IoT devices, remote work setups, and edge computing nodes, because threats […]
December 9, 2024 5 min read
5 practical tips to prevent live streaming disruptions
5 practical tips to prevent live streaming disruptions
Imagine the frustration of settling in to watch a highly anticipated boxing match, only for the stream to fail just before the action begins. Unfortunately, this is the reality for viewers more often than it should be, with recent examples including major sports matches and music concerts. High-profile disruptions and […]
November 21, 2024 4 min read
Navigating AI regulations in North America: balancing innovation and data sovereignty
Navigating AI regulations in North America: balancing innovation and data sovereignty
AI is rapidly becoming non-optional and irreplaceable in business operations across industries. But as more and more companies harness the power of AI, governments are stepping in and imposing regulations on how such powerful technology should be used. In North America, the regulatory environment is moving fast, particularly on AI […]
November 19, 2024 7 min read
Securing web applications and APIs at the edge: the power of edge WAAP
Securing web applications and APIs at the edge: the power of edge WAAP
As application architectures become more distributed, securing web applications and APIs requires a proactive, adaptable approach that goes beyond traditional web application firewalls (WAFs). When deployed at the edge, web application and API protection (WAAP) solutions improve security by placing protections closer to end users and possible threats. This strategic […]
November 14, 2024 3 min read

Subscribe
to our newsletter

Get the latest industry trends, exclusive insights, and Gcore
updates delivered straight to your inbox.
Subscribe