CVE-2022-41082

Microsoft | Exchange ServerAdded 2022-09-30Remediation Deadline 2022-10-21Active Ransomware Campaign

Microsoft Exchange Server Remote Code Execution Vulnerability

Microsoft Exchange Server contains an unspecified vulnerability that allows for authenticated remote code execution. Dubbed "ProxyNotShell," this vulnerability is chainable with CVE-2022-41040 which allows for the remote code execution.

Required Action

Apply updates per vendor instructions.

Weakness Classification

CWE-502

References

https://msrc-blog.microsoft.com/2022/09/29/customer-guidance-for-reported-zero-day-vulnerabilities-in-microsoft-exchange-server/
https://nvd.nist.gov/vuln/detail/CVE-2022-41082

Cybersecurity Alerts

CVE-2022-41082

Microsoft Exchange Server Remote Code Execution Vulnerability

Required Action

Weakness Classification

References