Exchange Server vulnerabilities: Here's what's behind them
A few days ago, two new Microsoft Exchange Server vulnerabilities became known and are being actively exploited in a series of targeted attacks. Microsoft cannot yet offer a patch for the vulnerabilities - only a customer guide. The first vulnerability, CVE-2022-41040, is a Server-Side Request Forgery (SSRF) vulnerability that essentially opens the door for attackers to gain access to the Exchange Server. The second vulnerability, CVE_2022-41082, allows remote code execution (RCE) via PowerShell once on the server. The Vietnamese company GTSC also has various information about…