Zero-day vulnerabilities in Microsoft Exchange Server

September 30, 2022

Threat Level

Vulnerability Report

For a detailed threat advisory, download the pdf file here

Summary

Microsoft Exchange Server has two zero-day vulnerabilities. One of them is a Server-Side Request Forgery (SSRF) vulnerability(CVE-2022-41040), while the second is a remote code execution (RCE) vulnerability (CVE-2022-41082)in PowerShell. An authenticated attacker can exploit these vulnerabilities together to gain access to a victim’s system by chaining them together.

Zero-day vulnerabilities in Microsoft Exchange Server

Threat Level

Vulnerability Report

Summary

Sophos Zero-day vulnerability becomes target for attackers

BlackByte uses a new attack technique to target vulnerable Windows drivers

Recent Posts