Microsoft Exchange Server Server-Side Request Forgery (SSRF) Vulnerability
Identifier: CVE-2022-41040
Exploit or POC: Yes (Actively Being Exploited)
Update: Vendor has not published an update for this vulnerability to date.
Description: CVE-2022-41040 allows an attacker to achieve server-side request forgery. The executed requests are comparable in format to those used in ProxyShell. Authentication is required to successfully exploit this vulnerability. This vulnerability is used in conjunction with CVE-2022-41082 to achieve arbitrary code execution.
Mitigation recommendation: Mitigation steps listed here: https://msrc-blog.microsoft.com/2022/09/29/customer-guidance-for-reported-zero-day-vulnerabilities-in-microsoft-exchange-server/
RedLegg Action: None at this time.
Microsoft Exchange Server Remote Code Execution (RCE) Vulnerability
Identifier: CVE-2022-41082
Exploit or POC: Yes (Actively Being Exploited)
Update: Vendor has not published an update for this vulnerability to date.
Description: CVE-2022-41082 allows remote code execution on Microsoft Exchange Servers. CVE-2022-41082 is directly linked to CVE-2022-41040. Authentication is required for successful exploitation of this vulnerability.
Mitigation recommendation: Mitigation steps listed here: https://msrc-blog.microsoft.com/2022/09/29/customer-guidance-for-reported-zero-day-vulnerabilities-in-microsoft-exchange-server/
RedLegg Action: None at this time.