October 1, 2022 update – Added information about Exploit:Script/ExchgProxyRequest.A, Microsoft Defender AV’s robust detection for exploit behavior related to this threat. We also removed a section on MFA as a mitigation, which was included in a prior version of this blog as standard guidance.
Microsoft is aware of limited targeted attacks using two reported zero-day vulnerabilities affecting Microsoft Exchange Server 2013, Exchange Server 2016, and Exchange Server 2019. The first one, identified as CVE-2022-41040, is a server-side request forgery (SSRF) vulnerability, while the second one, identified as CVE-2022-41082, allows remote code execution (RCE) when Exchange PowerShell is accessible to the attacker. Refer to the Microsoft Security Response Center blog for the mitigation guidance regarding these vulnerabilities.
CVE-2022-41040 can enable an authenticated attacker to remotely trigger CVE-2022-41082. However, authenticated access to the vulnerable Exchange Server is necessary to successfully exploit either vulnerability, and they can be used separately.
— Lees op www.microsoft.com/security/blog/2022/09/30/analyzing-attacks-using-the-exchange-vulnerabilities-cve-2022-41040-and-cve-2022-41082/
Blijf op de hoogte
Wekelijks inzichten over AI governance, cloud strategie en NIS2 compliance — direct in je inbox.
[jetpack_subscription_form show_subscribers_total="false" button_text="Inschrijven" show_only_email_and_button="true"]Bescherm AI-modellen tegen aanvallen
Agentic AI ThreatsRisico's van autonome AI-systemen
AI Governance Publieke SectorVerantwoorde AI voor overheden
Cloud SoevereiniteitSoeverein in de cloud — het kan
NIS2 Compliance ChecklistStap-voor-stap naar NIS2-compliance
Klaar om van data naar doen te gaan?
Plan een vrijblijvende kennismaking en ontdek hoe Djimit uw organisatie helpt.
Plan een kennismaking →Ontdek meer van Djimit
Abonneer je om de nieuwste berichten naar je e-mail te laten verzenden.
