Microsoft finds vulnerabilities in Exchange servers

Microsoft is aware of limited targeted attacks using them

Microsoft has confirmed it is investigating two zero-day vulnerabilities in its Exchange that have been used to launch cyberattacks on organisations.

The technology giant says the vulnerabilities - labelled as CVE-2022-41040 and CVE-2022-41082 - are affecting its 2013, 2016 and 2019 Exchange servers.

The first one is a server-side request forgery vulnerability while the second allows remote code execution when PowerShell is accessible to the attacker.

"Currently, Microsoft is aware of limited targeted attacks using these two vulnerabilities," Microsoft said in a blog post.

"In these attacks, CVE-2022-41040 can enable an authenticated attacker to remotely trigger CVE-2022-41082."

Microsoft says that authenticated access to the vulnerable Exchange Server is necessary to exploit either vulnerability.

It added it is currently working on an "accelerated timeline" to release a fix.

In the meantime, the technology giant has laid out mitigation and detection guidance that users can follow.

"Microsoft Exchange Online has detections and mitigations to protect customers," the post added.

"As always, Microsoft is monitoring these detections for malicious activity and we'll respond accordingly if necessary to protect customers."

You can find out more here