Remediation Released for Zero-day Vulnerabilities in Microsoft Exchange Server

Summary

Microsoft has released remediation for the two exploited vulnerabilities known as ProxyNotShell, which involve server-side request forgery (SSRF) leading to remote code execution (RCE).


Affected platforms

The following platforms are known to be affected:

Threat details

Exploitation in the wild

Proof-of-concept exploit code has been publicly released and exploitation has been reported in the wild.


Introduction

Microsoft has released security updates to remediate two previously disclosed and exploited vulnerabilities in Microsoft Exchange Server. The first vulnerability, CVE-2022-41040, concerns server-side request forgery (SSRF), and the second, CVE-2022-41082, could allow remote code execution (RCE) when PowerShell is accessible to the attacker.

A remote, authenticated attacker could abuse CVE-2022-41040 in order to exploit CVE-2022-41082, which could lead to remote code execution (RCE).

Follow up to previous High Severity Cyber Alert CC-4178

The remediation in this Cyber Alert replaces the guidance previously released in CC-4178. Affected organisations are only required to follow the guidance in this article.


Threat updates

Date: 21 Nov 2022
Update: Exploitation and a public proof-of-concept released

This Cyber Alert has been updated to reflect that exploitation in the wild has been reported and a public proof-of-concept has been released.


Remediation advice

Affected organisations are required to read the following security advisories and apply all relevant security updates.



Last edited: 21 November 2022 12:43 pm