
Threat Advisory: Microsoft Exchange Server Zero-Day Vulnerabilities

Event Summary

Two zero-day vulnerabilities (previously undisclosed but now linked to CVE-2022-41040 and CVE-2022-41082) are currently being exploited by attackers to gain authenticated remote code execution (RCE) on Microsoft Exchange Servers (2013, 2016 and 2019).

Details

| Product Affected | Vulnerable Version | CVE-CVSS | Associated Risk / Details for vulnerability | Recommendations |
|---|---|---|---|---|
| MS Exchange Server | 2013 – 2016 – 2019 | CVE-2022-41040, CVE-2022-41082 | Authenticated server-side request forgery vulnerability in Microsoft Exchange Servers (CVE-2022-41040) with a CVSSv3 score of 6.6, and authenticated remote code execution vulnerability (CVE-2022-41082) assigned a CVSSv3 score of 8.8. | The current Exchange Server mitigation is to add a blocking rule in “IIS Manager -> Default Web Site -> URL Rewrite -> Actions” to block the known attack patterns. Exchange Server customers should review and choose only one of the following three mitigation options. |

 

SOD Actions

The Security On-Demand Threat Recon Unit will continue to monitor these events and provide relevant updates. At this time, SOD recommends applying vendor recommendations and actions immediately.

The SOD Threat Recon Unit will also track any exploitation tool or proof of concept (PoC) that could leverage these vulnerabilities to actively exploit systems. Information about new IoCs and IoAs will be proactively included in the monitoring provided by Threat Watch across its multiple service tiers.

Please contact your Security On-Demand Customer Success Manager if you have any questions about this alert.

Resources

https://msrc-blog.microsoft.com/2022/09/29/customer-guidance-for-reported-zero-day-vulnerabilities-in-microsoft-exchange-server/ – Microsoft Advisory

Vulnerabilities reported:

 
