Cloud Architect
A couple of new zero-day vulnerabilities have been identified in Microsoft Exchange Server. Microsoft has acknowledged them and is addressing them under the CVEs [CVE-2022-41040 – Server-Side Request Forgery (SSRF)] and [CVE-2022-41082 – Remote Code Execution (RCE)].
What is the impact due to these Vulnerabilities?
Authenticated attackers who can access PowerShell Remoting on vulnerable Exchange systems can trigger remote code execution and move laterally to other servers in the system.
What is the Mitigation plan from Microsoft?
Please review the detailed step-by-step mitigation plan released by the "Microsoft Security Response Center".
All Exchange customers are advised to implement the mitigation plan as soon as possible, since these vulnerabilities are being actively exploited in the wild.
Is there a patch released by Microsoft for these vulnerabilities?
Microsoft is actively working on releasing a patch, but at this moment customers are advised to implement the mitigation plan as soon as possible.
Is Exchange Online (Microsoft 365) affected by these vulnerabilities?
Microsoft has assured that the necessary detections and mitigations are in place to protect Microsoft 365 (Exchange Online) customers. Microsoft is also monitoring these already deployed detections for malicious activity and will take the necessary response actions.
Helient strongly recommends taking the necessary steps to mitigate these vulnerabilities, which are being actively exploited in the wild, to keep your Exchange server environment safe and secure. If you would like more information or assistance, please contact our industry-leading experts at service@helient.com.