You are currently viewing Microsoft Validates 2 New Exchange Zero-Day Defects Being Utilized in the Wild

Microsoft Validates 2 New Exchange Zero-Day Defects Being Utilized in the Wild

Exchange Zero-Day Flaws
Microsoft formally revealed it examining 2 zero-day security vulnerabilities affecting Exchange Server 2013, 2016, and 2019 following reports of in-the-wild exploitation. ” The very first vulnerability, determined as CVE-2022-41040, is a Server-Side Demand Forgery (SSRF) vulnerability, while the 2nd, determined as CVE-2022-41082, permits remote code execution (RCE) when PowerShell is available to the aggressor,” the tech giant stated. The business likewise verified that it understands “restricted targeted attacks” weaponizing the defects to acquire preliminary access to targeted systems, however stressed that authenticated access to the susceptible Exchange Server is needed to accomplish effective exploitation. The attacks detailed by Microsoft reveal that the 2 defects are stringed together in a make use of chain, with the SSRF bug allowing a verified foe to from another location set off approximate code execution.
Read the full article here

News Room

Cybervizer is a blog and podcast site that focuses on the latest technology and cybersecurity topics that are impacting enterprises, both small and large. Join us to explore the most important trends in enterprise technology and cybersecurity today. Get true insights into the tech and trends that will impact you and your organization.