Microsoft confirms two actively exploited zero-day vulnerabilities in Exchange Server

Microsoft has issued a security notice about two zero-day vulnerabilities with its own Microsoft Exchange Server. Versions 2013, 2016 and 2019 of the software are affected. One vulnerability (CVE-2022-41082) allows for remote code execution when an attacker has access to PowerShell; the second (CVE-2022-41040) is a Side Request Forgery (SSRF) vulnerability. Both vulnerabilities are being exploited in the wild. See also: Microsoft acknowledges printer issues blocking Window 11 2022 Update Microsoft is blocking Windows 11 2022 Update because of blue screen issues Microsoft releases out-of-band KB5019311 update for Windows 11 Warning that it is 'aware of limited targeted attacks using… [Continue Reading]