On September 29, Microsoft officially disclosed that it is investigating two zero-day vulnerabilities affecting Exchange Server 2013, 2016, and 2019. We prepared this post for users of these products to briefly explain the issue and how you can minimize risk.
What are these vulnerabilities? CVE-2022-41040 is a Server-Side Request Forgery (SSRF) vulnerability, while CVE-2022-41082 allows remote code execution if the attacker has access to PowerShell.
Are they being used in the wild? Yes, Microsoft has officially confirmed that they are. The company is aware of “limited targeted attacks” that use these vulnerabilities to penetrate users’ systems. In these attacks, CVE-2022-41040 can allow an authenticated attacker to trigger CVE-2022-41082 remotely.
However, the risks are quite low. The company emphasized that authenticated access to the vulnerable Exchange Server is required to exploit either of the two vulnerabilities successfully.
How can risks be mitigated? Unfortunately, there are no patches yet. However, if you’re a Microsoft Exchange Online user, you’re out of danger. The service has built-in detections and mitigations to protect customers.
If you’re a Microsoft Exchange Server user, we advise completing both the “URL Rewrite rule” mitigation for CVE-2022-41040 and the “Disable remote PowerShell for non-admins” mitigation for CVE-2022-41082. This will help reduce risks. You can find detailed instructions in the Microsoft Security Response Center.
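The second mitigation can be audited and applied from the Exchange Management Shell. The following is an added example, not Microsoft's or Gcore's script; it assumes an Organization Management account on the Exchange server, and the role group name and the `-WhatIf` switch are the parts to adjust.

```powershell
# Added example: audit which users still have remote PowerShell enabled and
# disable it for everyone outside the admin role group, leaving admins untouched.
# Assumptions: run in the Exchange Management Shell with Organization Management
# rights; "Organization Management" is used as the admin group to exempt.

# Accounts that must keep remote PowerShell (assumed to be the admin role group).
$adminMembers = Get-RoleGroupMember -Identity "Organization Management" |
    Select-Object -ExpandProperty Name

# Every user that currently has remote PowerShell enabled.
$enabled = Get-User -ResultSize Unlimited -Filter "RemotePowerShellEnabled -eq `$true"

# Everyone in that set who is not an admin is a candidate for the mitigation.
$toDisable = $enabled | Where-Object { $adminMembers -notcontains $_.Name }

Write-Host ("Remote PowerShell enabled: {0} users; non-admins to disable: {1}" -f
    @($enabled).Count, @($toDisable).Count)

# Dry run first: -WhatIf only reports what would change. Remove it to apply.
$toDisable | ForEach-Object {
    Set-User -Identity $_.Identity -RemotePowerShellEnabled $false -WhatIf
}

# Verification after applying: only the exempted admin accounts should remain.
Get-User -ResultSize Unlimited -Filter "RemotePowerShellEnabled -eq `$true" |
    Select-Object Name, RemotePowerShellEnabled
```

Run the block once with `-WhatIf` to review the list, then again without it; the final query is the check that no non-admin account was missed.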
To be protected from zero-day vulnerabilities, use Gcore NG-WAF. We’ll keep you informed of and safe from any threats.