Zero-day vulnerabilities in Microsoft Exchange Server
Zero-day vulnerabilities in Microsoft Exchange Server
Threat Level
Vulnerability Report
For a detailed threat advisory, download the pdf file here
Summary
Microsoft Exchange Server has two zero-day vulnerabilities. One of them is a Server-Side Request Forgery (SSRF) vulnerability(CVE-2022-41040), while the second is a remote code execution (RCE) vulnerability (CVE-2022-41082)in PowerShell. An authenticated attacker can exploit these vulnerabilities together to gain access to a victim’s system by chaining them together.