Emergency Vulnerability Bulletin - 09/30/22

By: RedLegg Blog

Microsoft Exchange Server Server-Side Request Forgery (SSRF) Vulnerability

Identifier: CVE-2022-41040

Exploit or POC: Yes (Actively Being Exploited)

Update: Vendor has not published an update for this vulnerability to date.

Description: CVE-2022-41040 allows an attacker to achieve server-side request forgery. The requests involved are comparable in format to those used in ProxyShell. Authentication is required to successfully exploit this vulnerability. It is used in conjunction with CVE-2022-41082, a pairing that results in arbitrary code execution.

Mitigation recommendation: Mitigation steps listed here: https://msrc-blog.microsoft.com/2022/09/29/customer-guidance-for-reported-zero-day-vulnerabilities-in-microsoft-exchange-server/

RedLegg Action: None at this time.

 

Microsoft Exchange Server Remote Code Execution (RCE) Vulnerability

Identifier: CVE-2022-41082

Exploit or POC: Yes (Actively Being Exploited)

Update: Vendor has not published an update for this vulnerability to date.

Description: CVE-2022-41082 allows remote code execution on Microsoft Exchange Servers. It is directly linked to CVE-2022-41040. Authentication is required for successful exploitation of this vulnerability.

Mitigation recommendation: Mitigation steps listed here: https://msrc-blog.microsoft.com/2022/09/29/customer-guidance-for-reported-zero-day-vulnerabilities-in-microsoft-exchange-server/

RedLegg Action: None at this time.