"Microsoft Confirms Exploitation of Two Exchange Server Zero-Days"

Microsoft has confirmed that it’s aware of two Exchange Server zero-day vulnerabilities that have been exploited in targeted attacks and is currently working on patches. GTSC, a cybersecurity company based in Vietnam, reported seeing attacks exploiting two new Microsoft Exchange zero-day vulnerabilities. The firm believes the attacks, which were first seen in August and aimed at critical infrastructure, were launched by a Chinese threat group. The vulnerabilities were reported to Microsoft through Trend Micro’s Zero Day Initiative (ZDI). Microsoft noted that one of the flaws is a server-side request forgery (SSRF) issue tracked as CVE-2022-41040 and the second is a remote code execution vulnerability tracked as CVE-2022-41082. The security holes have been found to impact Exchange Server 2013, 2016, and 2019. Microsoft noted that in attacks, CVE-2022-41040 can enable an authenticated attacker to remotely trigger CVE-2022-41082. Microsoft said authenticated access to the vulnerable Exchange Server is necessary to successfully exploit either of the two vulnerabilities. The company is working on an accelerated timeline to patch the vulnerabilities.

 

SecurityWeek reports: "Microsoft Confirms Exploitation of Two Exchange Server Zero-Days"

Submitted by Anonymous on