Vulnerabilities

Two Microsoft Exchange zero-days exploited by attackers (CVE-2022-41040, CVE-2022-41082)

Issued by: Help Net Security

Source
Advertisement


Attackers are leveraging two zero-day vulnerabilities (CVE-2022-41040, CVE-2022-41082) to breach Microsoft Exchange servers.

News of the attacks broke on Wednesday, when researchers with Vietnamese cybersecurity company GTSC released a warning saying that, “while providing SOC service to a customer, GTSC Blueteam detected exploit requests in IIS logs with the same format as ProxyShell vulnerability.”

About the vulnerabilities (CVE-2022-41040, CVE-2022-41082)

CVE-2022-41040 is a Server-Side Request Forgery (SSRF) vulnerability and CVE-2022-41082 allows remote code execution when PowerShell is accessible to the attacker, Microsoft explained.

Read more
You might also like
Vulnerabilities

How Cybercriminals Are Operationalizing Money Laundering and What to Do About It

Malware & Threats, Vulnerabilities

How to Optimize Security Spending While Reducing Risk

Vulnerabilities

Five Emerging Threats That Worry Global Security Professionals

Vulnerabilities

Exploit for Second Unpatched Chromium Flaw Made Public Just After First Is Patched

Advertisement