We’ve become aware of two zero-day vulnerabilities affecting Microsoft Exchange Server 2013, Exchange Server 2016 and Exchange Server 2019. The first vulnerability is a Server-Side Forgery vulnerability (CVE-2022-41040), while the second vulnerability allows remote code execution (CVE-2022-41082) when PowerShell is accessible to the attacker.
In combination these vulnerabilities can allow an attacker access to your system which could enable remote code execution. Microsoft is currently working on a solution however there is mitigation advice available to protect yourself from these vulnerabilities.
We strongly recommend that you follow the mitigation advice from Microsoft here.
Additional information can be found here and here.
If you have any questions or concerns please don’t hesitate to contact our Customer Support team on 0800 LEARNING.