Zero-day vulnerabilities in Microsoft Exchange Server

Threat Level – Red | Vulnerability Report
Download PDF

Microsoft Exchange Server has two zero-day vulnerabilities. One of them is a Server-Side Request Forgery (SSRF) vulnerability(CVE-2022-41040), while the second is a remote code execution (RCE) vulnerability (CVE-2022-41082)in PowerShell. An authenticated attacker can exploit these vulnerabilities together to gain access to a victim’s system by chaining them together.

What’s new on HivePro

Get through updates and upcoming events, and more directly in your inbox