Exchange Server Patch Alert!

Get ready to patch your on-premises versions of Exchange Server ASAP! This is today’s #MicrosoftCloudQuickFix!

Yet again, as announced by #Microsoft on Friday, September 30, 2022, there are two newly reported zero-day vulnerabilities in Microsoft Exchange Server 2013, 2016, and 2019 that are being exploited…

CVE-2022-41040 is a Server-Side Request Forgery (SSRF) vulnerability that can only be exploited by authenticated attackers, while CVE-2022-41082 allows remote code execution (RCE) when PowerShell is accessible to the attacker.

Microsoft has said it’s “working on an accelerated timeline” to provide a patch for the two newly disclosed vulnerabilities. While mitigations exist, I would recommend a rapid patch deployment once one is available and, of course, always keeping your Exchange Servers up to date with the latest Cumulative Update (CU) and Security Updates (SU).

Microsoft indicated that #ExchangeOnline customers don’t need to take any action at the moment because the company has detections and mitigation in place and, of course, will apply the patch seamlessly once available. Anyone still need a business case for migration to #ExchangeOnline?

For more information about this and Exchange Server Patching see:

#Microsoft #Microsoft365 #ExchangeOnline #MicrosoftExchangeServer #MicrosoftCloudQuickFix