AI & Machine Learning
Edge Network
Infrastructure as a Service
Platform as a Service
Virtual & Dedicated Servers
Video Streaming Platform
Security
Cloud for Mobile
Custom Services
By Industry
By Service
Referral Program
Bug Bounty Policy
Compliance
Awards and Recognition
Careers
Internet Peering Points
Events
Infrastructure
On September 29, Microsoft officially disclosed that it is investigating two zero-day vulnerabilities affecting Exchange Server 2013, 2016, and 2019. We prepared this post for users of these products to briefly explain the issue and how you can minimize risk.
What are these vulnerabilities? CVE-2022-41040 is a Server-Side Request Forgery (SSRF) vulnerability, while CVE-2022-41082 allows remote code execution if the attacker has access to PowerShell.
Are they being used in the wild? Yes, Microsoft has officially confirmed that they are. The company is aware of ālimited targeted attacksā that use these vulnerabilities to penetrate usersā systems. In these attacks, CVE-2022-41040 can allow an authenticated attacker to trigger CVE-2022-41082 remotely.
However, the risks are quite low. The company emphasized that authenticated access to the vulnerable Exchange Server is required to exploit either of the two vulnerabilities successfully.
How can risks be mitigated? Unfortunately, there are no patches yet. However, if youāre a Microsoft Exchange Online user, youāre out of danger. The service has built-in detections and mitigations to protect customers.
If youāre a Microsoft Exchange Server user, we advise completing both the āURL Rewrite ruleā mitigation for CVE-2022-41040 and the āDisable remote PowerShell for non-adminsā mitigation for CVE-2022-41082. This will help reduce risks. You can find detailed instructions in the Microsoft Security Response Center.
To be protected from zero-day vulnerabilities, use Gcore NG-WAF. Weāll keep you informed of and safe from any threats.