CVE-2022-41082 - Microsoft Exchange Server Remote Code Execution Vulnerability
Project:Microsoft
Product:Exchange Server
Date Added:2022-09-30Due Date:2022-10-21
Vulnerability Name
Microsoft Exchange Server Remote Code Execution Vulnerability
Description
Microsoft Exchange Server contains an unspecified vulnerability that allows for authenticated remote code execution. Dubbed "ProxyNotShell," this vulnerability is chainable with CVE-2022-41040 which allows for the remote code execution.
Known To Be Used in Ransomware Campaigns?
Known
Action
Apply updates per vendor instructions.
Additional Notes
https://msrc-blog.microsoft.com/2022/09/29/customer-guidance-for-reported-zero-day-vulnerabilities-in-microsoft-exchange-server/
https://nvd.nist.gov/vuln/detail/CVE-2022-41082