05.10.2022
The security vulnerabilities CVE-2022-41040 and CVE-2022-41082 (also called zero-day vulnerabilities) in Exchange Server are already being actively exploited. So there is a need for action, because the flaw in MS Exchange that has now become known can lead to hackers and data thieves gaining access to a company's mails from outside and thus also being able to penetrate deeper into the system. Another gap allows malicious code to be installed on the affected computers. Attackers can also write their data to the servers in order to carry out attacks on other systems from there. According to Microsoft, the current zero-day vulnerabilities only work with an account authenticated on the server.
Microsoft provides instructions here on how to close critical gaps in corresponding versions of Exchange: https://msrc-blog.microsoft.com/2022/09/29/customer-guidance-for-reported-zero-day-vulnerabilities-in-microsoft-exchange-server/.
Do you have questions about the security gap and need more information or short-term support? Don't hesitate, contact our experts directly now and let us check how threatened your company is.
TSO-DATA
Marvin Hitzfeld
it-infrastruktur[at]tso[dot]de
+49 (541) 1395-94
