Today’s #MicrosoftCloudQuickFix is that #Microsoft has released the November 2022 Exchange Server Security Updates which contain fixes for the CVE-2022-41040 and CVE-2022-41082 vulnerabilities reported at the end of September 2022 and reported discussed on my blog post below:
Exchange Server Patch Alert! – Microsoft Cloud Quick Fix (mscqf.com)
CVE-2022-41040 is a Server-Side Request Forgery (SSRF) vulnerability and can only be exploited by authenticated attackers while CVE-2022-41082 allows remote code execution (RCE) when PowerShell is accessible to the attacker.
The November 2022 Exchange Server Security Updates are available for Exchange Server 2013 CU23 (Note: Support ends in April 2023), Exchange Server 2016 CU22 and CU23, and Exchange Server 2019 CU11 and CU12. Since #Microsoft has been made aware of active exploits of related vulnerabilities their (and my) recommendation is to install these updates immediately!
Microsoft has indicated that #ExchangeOnline customers are already protected from the vulnerabilities addressed in the November 2022 Exchange Server Security Updates and do not need to take any action other than updating any remaining on-premises Exchange servers.
For more information about this and Exchange Server Patching see:
- Released: November 2022 Exchange Server Security Updates – Microsoft Community Hub
- Exchange Server build numbers and release dates
- Exchange Server supportability matrix
- Upgrade Exchange to the latest Cumulative Update
- Security Update Guide – Microsoft
- Exchange Emergency Mitigation (EM) service
#Microsoft #Microsoft365 #ExchangeOnline #ExchangeServer #MicrosoftCloudQuickFix