SEPTEMBER 30, 2022 19:35 GMT
This alert from Pillr is intended to brief users and administrators on newly discovered threats, vulnerabilities, and critical software updates.
Mitigation guidance has been provided while Microsoft develops a full patch.
Background
Microsoft is investigating two zero-day vulnerabilities that are being actively exploited against on-premises Exchange servers. When chained together, they allow an authenticated attacker to perform Remote Code Execution against Exchange. Mitigation steps have been provided.
Vulnerability Details
Microsoft is actively investigating targeted attacks using CVE-2022-41040, a Server-Side Request Forgery (SSRF), and CVE-2022-41082, which allows an authenticated attacker with access to PowerShell to perform a Remote Code Execution attack.
Impacted platforms: Microsoft Exchange Server 2013, 2016, and 2019.
Currently, authentication is required to perform this exploit chain.
Mitigation
Consult the linked Microsoft advisory for the current mitigation guidance, as well as Sentinel and MS365 detections. Apply the countermeasures appropriate to your environment.
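As an added illustration of the kind of detection the advisory points to (this is example code written for this alert, not Pillr's or Microsoft's tooling), the script below scans IIS W3C log lines from an Exchange front end for the request shape Microsoft published as a hunting indicator for this chain: a request to autodiscover.json whose query string carries an "@" and reaches the PowerShell backend. It assumes the standard IIS W3C layout (the #Fields: header is parsed, so a custom field order also works) and that a 200 response marks a request that got through authentication, while the same shape with a 401 is a failed attempt worth noting because the chain requires valid credentials. The log lines are constructed samples, not real traffic.

```python
"""Hunt IIS W3C logs for the Autodiscover -> PowerShell request shape associated
with CVE-2022-41040 / CVE-2022-41082 (example code for this alert, not vendor code).

Assumptions: default IIS W3C field names (cs-uri-stem, cs-uri-query, sc-status,
cs-username, c-ip); IIS writes '+' instead of spaces inside fields, so whitespace
splitting is safe; a 200 means the request was authenticated, a 401 means it was not.
"""
from __future__ import annotations

from typing import Iterator

# Constructed sample log (not real traffic). Line 3 matches the indicator and was
# authenticated (200); line 4 has the same shape but was rejected (401).
SAMPLE_LOG = r"""#Software: Microsoft Internet Information Services 10.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status
2022-09-29 10:01:02 10.0.0.5 POST /autodiscover/autodiscover.xml - 443 CORP\alice 10.0.0.20 Outlook 200
2022-09-29 10:01:05 10.0.0.5 GET /owa/ - 443 - 198.51.100.7 Mozilla/5.0 401
2022-09-29 10:02:11 10.0.0.5 POST /autodiscover/autodiscover.json a=@example.invalid/powershell 443 CORP\svc-mail 198.51.100.7 python-requests/2.28 200
2022-09-29 10:02:12 10.0.0.5 POST /autodiscover/autodiscover.json a=@example.invalid/powershell 443 - 198.51.100.7 python-requests/2.28 401
"""


def parse_w3c(text: str) -> Iterator[dict[str, str]]:
    """Yield one dict per request line, keyed by the names from the #Fields: header."""
    fields: list[str] | None = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#Fields:"):
            fields = line.split()[1:]      # header can repeat when IIS rotates the log
            continue
        if line.startswith("#"):
            continue                       # #Software, #Version, #Date directives
        if fields is None:
            raise ValueError("request line encountered before a #Fields: header")
        values = line.split()
        if len(values) != len(fields):
            continue                       # truncated/malformed line: skip, never misalign
        yield dict(zip(fields, values))


def matches_indicator(rec: dict[str, str]) -> bool:
    """Request shape: autodiscover.json stem, '@' and 'powershell' in the query."""
    stem = rec.get("cs-uri-stem", "").lower()
    query = rec.get("cs-uri-query", "").lower()
    return "autodiscover.json" in stem and "@" in query and "powershell" in query


def triage(text: str) -> dict[str, list[dict[str, str]]]:
    """Split matching requests into 'confirmed' (HTTP 200) and 'attempt' (any other status)."""
    result: dict[str, list[dict[str, str]]] = {"confirmed": [], "attempt": []}
    for rec in parse_w3c(text):
        if not matches_indicator(rec):
            continue
        bucket = "confirmed" if rec.get("sc-status") == "200" else "attempt"
        result[bucket].append(rec)
    return result


def summarize(text: str) -> list[str]:
    """Human-readable lines: who hit the indicator, from where, and whether it succeeded."""
    out = []
    for label, recs in triage(text).items():
        for r in recs:
            out.append(
                f"{label}: {r['date']} {r['time']} src={r['c-ip']} "
                f"user={r['cs-username']} status={r['sc-status']} ua={r['cs(User-Agent)']}"
            )
    return out


if __name__ == "__main__":
    for line in summarize(SAMPLE_LOG):
        print(line)
```

Point the script at real IIS logs by reading each file under the Exchange front-end log directory and passing its contents to triage(). A "confirmed" entry identifies the account whose credentials were used and should drive the account-review step below, while a burst of "attempt" entries from one source is an early warning even though the chain did not complete.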
Currently, Exchange Online customers need not take action to mitigate these vulnerabilities.
Continue to monitor the status of the recommended mitigation steps until a full patch is released.
Since this attack requires valid credentials, account and password management best practices (strong, unique passwords, multi-factor authentication, and prompt removal of unused accounts) may provide additional protection for your environment.