The same night as GTSC’s release, Microsoft announced they had confirmed two new vulnerabilities, currently tracked as CVE-2022-41040 and CVE-2022-41082. The first, CVE-2022-41040, is a Server-Side Request Forgery (SSRF) vulnerability that can be leveraged with CVE-2022-41082 to achieve Remote Code Execution (RCE).
Microsoft also stated that they are aware of targeted attacks using these exploits in the wild, meaning there is currently an active campaign to compromise vulnerable hosts.
Microsoft also noted that for either of these vulnerabilities to be exploited successfully, the attacker must have some form of valid credentials.
While there has not been an official patch for this vulnerability as of 2022-10-03, Microsoft has released a mitigation guide which the reader can find here.
We have created an interactive dashboard for tracking these Microsoft Exchange services with Censys scan data. This vulnerability has been reported to affect the following:
- Exchange Server 2013
- Exchange Server 2016
- Exchange Server 2019