
Advisory: Zero-day Vulnerabilities in Microsoft Exchange Server

Description
Microsoft has released Customer Guidance for Reported Zero-day Vulnerabilities in Microsoft Exchange Server.
 
Affected systems
The two vulnerabilities affect on-premises Microsoft Exchange Server 2013, 2016, and 2019. Microsoft Exchange Online is not affected.
 
Security Risks
The first vulnerability, CVE-2022-41040, is a Server-Side Request Forgery (SSRF) vulnerability; the second, CVE-2022-41082, allows Remote Code Execution (RCE) when PowerShell is accessible to the attacker. In the observed attacks the two are used together.

 

For full advisories addressing these vulnerabilities, refer to Microsoft's security advisory:
https://msrc-blog.microsoft.com/2022/09/29/customer-guidance-for-reported-zero-day-vulnerabilities-in-microsoft-exchange-server/
 
Recommended Actions
The National Cyber Security Authority (NCSA) strongly recommends that system administrators:

 

  1. Follow the advisory shared by Microsoft and apply suggested mitigations to lower the risk of vulnerability exploitation.
  2. Apply the required and latest security updates as soon as they’re shared by Microsoft.
  3. Before updating or applying the workaround, please ensure you have the latest backup that can easily be restored.

 

For further information and support, please contact NCSA by email at rwcsirt@ncsa.gov.rw or call us on 9009.
 
References
https://msrc-blog.microsoft.com/2022/09/29/customer-guidance-for-reported-zero-day-vulnerabilities-in-microsoft-exchange-server/ 
https://www.microsoft.com/security/blog/2022/09/30/analyzing-attacks-using-the-exchange-vulnerabilities-cve-2022-41040-and-cve-2022-41082/

02 October 2022

© 2024 National Cyber Security Authority