Customer Guidance for Reported Zero-day Vulnerabilities in Microsoft Exchange Server

Modified on Wed, 05 Oct 2022 at 05:37 AM

During the weekend Microsoft announced a brand new zero-day hole in Microsoft Exchange affecting Microsoft Exchange Server 2013, 2016, and 2019. 


The first vulnerability, identified as CVE-2022-41040, is a Server-Side Request Forgery (SSRF) vulnerability, while the second, identified as CVE-2022-41082, allows remote code execution (RCE) when PowerShell is accessible to the attacker. 

For more details refer to the article: https://www.microsoft.com/security/blog/2022/09/30/analyzing-attacks-using-the-exchange-vulnerabilities-cve-2022-41040-and-cve-2022-41082/


Since CoreView Hybrid agent uses the Exchange Server PowerShell Virtual Directory where the vulnerabilities were identified and security is one of our top priorities, we promptly investigated the issue and replicated the behavior.


We generally recommend Exchange Server PowerShell Virtual Directory not published to the Internet and the private access to this service is managed by your Firewall allowing only internal applications, such as CoreView Hybrid Agent, to connect. 


However, if you can't apply those security restrictions to the configuration settings of that PowerShell Virtual Directory, CoreView officially tested the mitigation steps described in the following article published by Microsoft:


https://msrc-blog.microsoft.com/2022/09/29/customer-guidance-for-reported-zero-day-vulnerabilities-in-microsoft-exchange-server/


For this reason, we do recommend applying the URL rewrite conditions described in the URL rewrite URL chapter of the above article. 


Using this configuration, the CoreView Hybrid Agent will continue to work without any issues.


As suggested by Microsoft, these vulnerabilities impact on-premises and hybrid Exchange Environment, so Exchange Online customers do not need to take any action.



Was this article helpful?

That’s Great!

Thank you for your feedback

Sorry! We couldn't be helpful

Thank you for your feedback

Let us know how can we improve this article!

Select atleast one of the reasons

Feedback sent

We appreciate your effort and will try to fix the article