On 30 September 2022, Microsoft published the report Analyzing attacks using the Exchange vulnerabilities, covering the vulnerabilities tracked as CVE-2022-41040 and CVE-2022-41082.
Microsoft is aware of limited targeted attacks using two reported zero-day vulnerabilities affecting Microsoft Exchange Server 2013, Exchange Server 2016, and Exchange Server 2019. The first one, identified as CVE-2022-41040, is a server-side request forgery (SSRF) vulnerability, while the second one, identified as CVE-2022-41082, allows remote code execution (RCE) when Exchange PowerShell is accessible to the attacker.
This message is not associated with Microsoft 365 Roadmap.