Microsoft Confirms Two Exchange Zero-Day Vulnerabilities

30 September 2022

Microsoft has today confirmed the existence of two new zero-day vulnerabilities allowing for remote code execution on Microsoft Exchange Server 2013, 2016, and 2019, following previous claims made by security researchers at Vietnamese cybersecurity firm GTSC. “The first vulnerability, identified as CVE-2022-41040, is a Server-Side Request Forgery (SSRF) vulnerability, while the second, identified as CVE-2022-41082, allows remote code execution (RCE) when PowerShell is accessible to the attacker,” Microsoft said.

Read full article on Infosecurity

Date:

30 September 2022

Categorie(s):

NEWS

Tag(s):

Exchange Server, Exchanges, Exploitation, Security Pro, Zero Days

An Empty S3 Bucket Can Make Your AWS Bills Explode30 April 2024
Triangulation fraud: The costly scam hitting online retailers30 April 2024
Tracecat: Open-source SOAR30 April 2024
Why the automotive sector is a target for email-based cyber attacks30 April 2024
Passwords under seven characters can be easily cracked30 April 2024