


November update – Microsoft has released patches for these issues. While Microsoft has not seen any further exploitation of these vulnerabilities in the wild since the targeted use in August, it is highly recommended that organizations patch their systems as attackers often reverse engineer patches to develop exploits.

October update – Added information about Exploit:Script/ExchgProxyRequest.A, Microsoft Defender AV’s robust detection for exploit behavior related to this threat. We also removed a section on MFA as a mitigation, which was included in a prior version of this blog as standard guidance.

Microsoft is aware of limited targeted attacks using two reported zero-day vulnerabilities affecting Microsoft Exchange Server 2013, Exchange Server 2016, and Exchange Server 2019. The first one, identified as CVE-2022-41040, is a server-side request forgery (SSRF) vulnerability, while the second one, identified as CVE-2022-41082, allows remote code execution (RCE) when Exchange PowerShell is accessible to the attacker. Refer to the Microsoft Security Response Center blog for mitigation guidance regarding these vulnerabilities.

CVE-2022-41040 can enable an authenticated attacker to remotely trigger CVE-2022-41082.
