Microsoft has released Customer Guidance for Reported #zeroday #Vulnerabilities in #Microsoft #Exchange Server. According to the blog post, “Microsoft is aware of limited targeted attacks using the two vulnerabilities to get into users’ systems.”
The two vulnerabilities are CVE-2022-41040 and CVE-2022-41082, affecting on-premises Microsoft #Exchange Server 2013, 2016, and 2019. Note: Microsoft Exchange Online is not affected.
An attacker could exploit these vulnerabilities to take control of an affected system.
The current Exchange Server #mitigation is to add a blocking rule in “IIS Manager -> Default Web Site -> URL Rewrite -> Actions” to block the known attack patterns how to do it is describe in the below microsoft blogpost
0 comments:
Post a Comment