CVE-2022-41082: Microsoft Exchange Server Remote Code Execution Vulnerability

CVE ID

CVE-2022-41082

Vulnerability Name

Microsoft Exchange Server Remote Code Execution Vulnerability

• Project: Microsoft
• Product: Exchange Server

Date

• Date Added: 2022-09-30
• Due Date: 2022-10-21

Description

Microsoft Exchange Server contains an unspecified vulnerability that allows for authenticated remote code execution. Dubbed "ProxyNotShell," this vulnerability is chainable with CVE-2022-41040 which allows for the remote code execution.

Known To Be Used in Ransomware Campaigns?

Known

Action

Apply updates per vendor instructions.

Additional Notes

https://msrc-blog.microsoft.com/2022/09/29/customer-guidance-for-reported-zero-day-vulnerabilities-in-microsoft-exchange-server/; https://nvd.nist.gov/vuln/detail/CVE-2022-41082

Related Security News

• New SharkLoader Malware Deploys Cobalt Strike in StrikeShark Cyberattacks

More CVEs Info

Common Vulnerabilities & Exposures (CVE) List