Microsoft Exchange Zero-day Remote Code Execution Vulnerabilities

Last Update Date: 9 Nov 2022 Release Date: 30 Sep 2022

RISK: Medium Risk

TYPE: Servers - Other Servers

Multiple vulnerabilities have been identified in Microsoft Exchange. A remote user can exploit some of these vulnerabilities to trigger remote code execution on the targeted system.

 

[Updated on 2022-09-30] Microsoft stated that the two vulnerabilities were used in limited targeted attacks against users' systems. The risk level has been updated to High Risk.

 

[Updated on 2022-10-05] Microsoft updated the workaround for this issue.

 

[Updated on 2022-11-09] Microsoft released security updates for CVE-2022-41040 and CVE-2022-41082 in the Monthly Security Update for November 2022. The risk level has changed from High Risk to Medium Risk.


Impact

  • Remote Code Execution

System / Technologies affected

  • Microsoft Exchange Server 2013
  • Microsoft Exchange Server 2016
  • Microsoft Exchange Server 2019

Solutions

Before installing the software, please visit the vendor website for more details.

Workaround:

Reduce exposure to attacks by adding a rule in the URL Rewrite module on the IIS server that blocks requests carrying indicators of attack.

 

  1. In Autodiscover at FrontEnd, select tab URL Rewrite, and then Request Blocking.
  2. Add string “.*autodiscover\.json.*Powershell.*” to the URL Path.
  3. Condition input: Choose {REQUEST_URI}

Vulnerability Identifier


Source


Related Link