incident response team looking in to a cyber attack that occurs
  • Insight
  • 2 min read

Threat Intelligence and Vulnerability Analysis

Vulnerabilities in Microsoft Exchange (CVE-2022-41040, CVE-2022-41082)

Two zero-day vulnerabilities have been publicly disclosed in Microsoft Exchange; this is what we know.

CVE-2022-41040 and CVE-2022-41082 in Brief

On September 29, 2022, a cybersecurity company published a report [1] about having discovered previously unknown vulnerabilities in Microsoft Exchange. The vulnerabilities are very similar to another vulnerability discovered last year named ProxyShell.

The new vulnerabilities have been acknowledged by Microsoft and have been assigned the following CVE numbers: CVE-2022-41040 and CVE-2022-41082. Important to know is that these vulnerabilities affect those who run Exchange on-premises.

Customer Response

Microsoft has published [2] guidance about mitigations that can be implemented for those who use Microsoft Exchange on-prem. As a user of Microsoft Exchange, you thus have to determine whether or not to implement these temporary mitigations or disconnect OWA from the internet until a patch is readily available to be applied.

Truesec Response

We have been monitoring the development since the publication and have rules in place detecting any attempts at exploiting the vulnerability. We’re also proactively threat-hunting (where possible, necessary and relevant) for all known indicators, but also likely and expected behaviors as a consequence of exploitation.

We’re also continuing to monitor for any exploitation attempts and threat actors attempting to find potentially vulnerable servers.

Concluding Remarks on Exchange Vulnerability

This is a currently unfolding series of events that we are closely monitoring. If judged necessary and relevant, we will update this notice with more information as it becomes available.