Threat Actors Exploiting On-Premises Microsoft Exchange Zero-Day Vulnerabilities: What You Need to Know

Security researchers have identified that threat actors are actively exploiting zero-day vulnerabilities within Microsoft Exchange. Here’s a rundown of what you need to know.

What’s going on?

Microsoft is currently investigating two newly reported zero-day vulnerabilities that affect on-premises Microsoft Exchange Server 2013, 2016 and 2019. The first vulnerability is tracked as CVE-2022-41040 and is a server-side request forgery (SSRF) vulnerability.

The second vulnerability, tracked as CVE-2022-41082, allows remote code execution (RCE) when PowerShell is accessible to the attacker. An attacker can use CVE-2022-41040 to remotely trigger CVE-2022-41082, but note that authenticated access to the vulnerable Exchange server is required to successfully exploit either vulnerability.

Microsoft notes there are indications these vulnerabilities are being actively exploited by threat actors and recommends implementing remediation activities as soon as possible on affected servers.

What is Nuspire doing?

Nuspire does not use on-premises Exchange and is not affected by these vulnerabilities.

What should I do?

No patches are currently available; however, Microsoft has released recommended mitigations to apply while it works on an “accelerated timeframe” to release a fix.

Clients using on-premises Microsoft Exchange Server 2013, 2016 or 2019 should review Microsoft’s advisory, specifically the mitigations section, for the steps to remediate these vulnerabilities.

Exchange Online customers do not need to take any action.
