Microsoft has confirmed that two recently reported zero-day vulnerabilities in Microsoft Exchange Server 2013, 2016, and 2019 are being exploited in the wild.

“The first vulnerability, identified as CVE-2022-41040, is a Server-Side Request Forgery (SSRF) vulnerability, while the second, identified as CVE-2022-41082, allows remote code execution (RCE) when PowerShell is accessible to the attacker,” Microsoft said.

We advise all our customers and audience to address this vulnerability if they are running an on-premise MS-Exchange service.

Read more by clicking the button below.

Diagram of attacks using Exchange vulnerabilities CVE-2022-41040 and CVE-2022-21082