Another 2 Exchange Zero-Day Flaws Confirmed by Microsoft In-The-Wild Exploitations
Recently, Microsoft has stated that they've been looking into two zero-day security vulnerabilities impacting Exchange Servers for versions from 2013, 2016, and 2019 following reports of several in-the-wild exploitations.
Microsoft said in a released statement, "the first vulnerability, identified as CVE-2022-41040, is a Server-Side Request Forgery (SSRF) vulnerability, while the second, identified as CVE-2022-41082, allows remote code execution (RCE) when PowerShell is accessible to the attacker."
With that tech giant said they're aware of "limited, targeted attacks" and are working on using these vulnerabilities and further weaponizing them. These attacks are possible because of two separate flaws in an exploit chain. This vulnerability and the SSRF allow an authenticated adversary to trigger arbitrary code execution remotely.
Hungry for more? Join me each week, where I'll break down complex topics and dissect the latest news within the cybersecurity industry and blockchain ecosystem, simplifying the tech world.