Microsoft has confirmed that two Exchange server zero-day vulnerabilities have been exploited by cybercriminals.  GTSC, a Vietnamese cyber security company was the first to discover the flaws and believe attacks have been happening since August. Microsoft soon posted official guidance about the vulnerabilities:

Microsoft is investigating two reported zero-day vulnerabilities affecting Microsoft Exchange Server 2013, 2016, and 2019. The first vulnerability, identified as CVE-2022-41040, is a Server-Side Request Forgery (SSRF) vulnerability, while the second, identified as CVE-2022-41082, allows remote code execution (RCE) when PowerShell is accessible to the attacker.

At this time, Microsoft is aware of limited targeted attacks using the two vulnerabilities to get into users’ systems. In these attacks, CVE-2022-41040 can enable an authenticated attacker to remotely trigger CVE-2022-41082. It should be noted that authenticated access to the vulnerable Exchange Server is necessary to successfully exploit either of the two vulnerabilities.

Microsoft has declined to say when patches would be available but has advised companies on following GTSC’s temporary fixes until the time patches are available.

Netlink Technology have applied the suggested temporary fix to all affected managed systems.  If you require assistance or more information, please do not hesitate to contact our support team.