Microsoft confirms two actively exploited zero-day vulnerabilities in Exchange Server

betanews

30 Sep 2022 0 shares 1 views

Microsoft confirms two actively exploited zero-day vulnerabilities in Exchange Server

betanews

Published 30 Sep 2022

Microsoft has issued a security notice about two zero-day vulnerabilities with its own Microsoft Exchange Server. Versions 2013, 2016 and 2019 of the software are affected. One vulnerability (CVE-2022-41082) allows for remote code execution when an attacker has access to PowerShell; the second (CVE-2022-41040) is a Side Request Forgery (SSRF) vulnerability. Both vulnerabilities are being exploited in the wild. See also: Microsoft acknowledges printer issues blocking Window 11 2022 Update Microsoft is blocking Windows 11 2022 Update because of blue screen issues Microsoft releases out-of-band KB5019311 update for Windows 11 Warning that it is "aware of limited targeted attacks using… [Continue Reading]

Full Article

Related news coverage

Microsoft Releases Updates to Fix 62 Software Vulnerabilities

Softpedia 14 Sep 2022

Microsoft has released new security updates to resolve no more, no less than 62 vulnerabilities in its software. But while the..

Microsoft is working on a new File Locksmith PowerToys utility to reveal which processes are using a file
betanews 30 Sep 2022
Microsoft confirms new Exchange zero-days are used in attacks
Upworthy 30 Sep 2022

Microsoft confirms two actively exploited zero-day vulnerabilities in Exchange Server

Microsoft confirms two actively exploited zero-day vulnerabilities in Exchange Server

You might like

Related news coverage

Microsoft Releases Updates to Fix 62 Software Vulnerabilities

Advertisement