Exchange Server Patch Alert!

Get ready to patch your on-premises versions of Exchange Server ASAP! This is today’s #MicrosoftCloudQuickFix !

Yet again as announced by #Microsoft on Friday September 30, 2022 there are two new reported zero-day vulnerabilities in Microsoft Exchange Server 2013, 2016, and 2019 that are being exploited…

CVE-2022-41040 is a Server-Side Request Forgery (SSRF) vulnerability and can only be exploited by authenticated attackers while CVE-2022-41082 allows remote code execution (RCE) when PowerShell is accessible to the attacker.

Microsoft has said it’s “working on an accelerated timeline” to provide a patch for the two newly disclosed vulnerabilities and while mitigations exist I would recommend a rapid patch deployment once one is available and of course always keeping your Exchange Servers up-to-date with the latest Cumulative Update (CU) and Security Updates (SU).

Microsoft indicated that #ExchangeOnline customers don’t need to take any action at the moment because the company has detections and mitigation in place and of course will apply the patch seamlessly once available – Anyone still need a business case for migration to #ExchangeOnline ?

For more information about this and Exchange Server Patching see:

#Microsoft #Microsoft365 #ExchangeOnline #MicrosoftExchangeServer #MicrosoftCloudQuickFix

Leave a Reply

Your email address will not be published. Required fields are marked *