Microsoft is investigating two reported zero-day vulnerabilities affecting Microsoft Exchange Server 2013, 2016, and 2019. The first vulnerability, identified as CVE-2022-41040, is a Server-Side Request Forgery (SSRF) vulnerability, while the second, identified as CVE-2022-41082, allows remote code execution (RCE) when PowerShell is accessible to the attacker.

Microsoft Exchange Online has detections and mitigations in place to protect customers. Microsoft is also monitoring these already deployed detections for malicious activity and will take necessary response actions to protect customers.

Mitigations

  • Microsoft Exchange Online or Office 365 customers do not need to take any action. On-premises Microsoft Exchange customers should review and apply Microsoft's URL Rewrite instructions and block exposed Remote PowerShell ports.
  • On-premises Exchange users – please review Microsoft’s recommendations here

Long-term Recommendation

  • CBM advises clients currently using an on-premises Microsoft Exchange server to migrate to Office 365. Because Office 365 is a cloud application, Microsoft constantly updates the platform for increased security. CBM Technology can assist with migration to Office 365; if interested, contact sales@cbmtech.com.
  • If you have any questions or concerns about the current vulnerability, please reach out to our support team at support@cbmtech.com.