Microsoft looking into reports of a third Exchange Server zero-day?
Security vendor that discovered bug recommends organizations limit IIS app operating privileges on Exchange Server [297 words] What: Microsoft apparently is looking into a report it received from South Korean cybersecurity vendor AhnLab about yet another Exchange Server zero-day vulnerability. To be clear, the vulnerability it is reportedly looking into now is different from the […]
Read MoreHere’s what you need to know about the new (actively exploited) Microsoft Exchange Server 0-Days: CVE-2022-41040 and CVE-2022-41082
Latest update: Microsoft has updated its mitigation for the flaw. Implement it. [265 words] What: Two zero-day vulnerabilities exist in Microsoft Exchange Server 2013, 2016 and 2019. One of the flaws CVE-2022-41040, is a Server-Side Request Forgery (SSRF) vulnerability. The other is CVE-2022-41082, allows Remote Code Execution (RCE) via PowerShell. Both vulnerabilities require an attacker […]
Read More