Microsoft investigates two zero-days affecting Exchange Server


Microsoft says it is investigating two zero-day vulnerabilities that affect Microsoft Exchange Server 2013, 2016 and 2019.

A blog post released by the Microsoft Security Response Center on Thursday said the first, identified as CVE-2022-41040, was a server-side request forgery vulnerability.

The second, identified as CVE-2022-41082, allowed remote code execution when PowerShell was accessible to the attacker.

British security expert Kevin Beaumont was the first to mention the issue, in a series of tweets this morning that iTWire reported, in which he said it looked like a new zero-day had been discovered.






In the evening, Beaumont alerted his followers to the MSRC message, saying: “It is indeed two new zero days – however, they need authentication.

“There is no technical information, but it appears that the ProxyShell issues have not been fully resolved.”

Microsoft released updates in May and July last year to fix the ProxyShell vulnerability. Comprising three separate bugs used as an integrated attack chain, the vulnerability allowed attackers to bypass authentication and run code as a privileged user.

Beaumont wrote a blog post of his own on Friday, in which he listed what he knew about the new flaws at that time.

The MSRC post said it was aware of “limited targeted attacks using the two vulnerabilities to penetrate users’ systems.”

“In these attacks, CVE-2022-41040 may allow an authenticated attacker to remotely trigger CVE-2022-41082.

“It should be noted that authenticated access to the vulnerable Exchange server is required to successfully exploit either of the two vulnerabilities.”

The post added that the company is working to release a fix soon.

The post stated that, until a fix was released, a number of mitigations and detection tips provided as part of the post could be used to avoid any issues.

“Microsoft Exchange Online has detections and mitigations in place to protect customers. Microsoft is also monitoring these already deployed detections for malicious activity and will take necessary response actions to protect customers,” the company said.
