Zero-day vulnerabilities in Microsoft Exchange Server

Threat Advisories

Zero-day vulnerabilities in Microsoft Exchange Server

Threat Level
Vulnerability Report

For a detailed threat advisory, download the pdf file here

Summary

Microsoft Exchange Server has two zero-day vulnerabilities. One of them is a Server-Side Request Forgery (SSRF) vulnerability(CVE-2022-41040), while the second is a remote code execution (RCE) vulnerability (CVE-2022-41082)in PowerShell. An authenticated attacker can exploit these vulnerabilities together to gain access to a victim’s system by chaining them together.

Sign up to receive our Weekly Threat Digest