Microsoft Exchange Zero Day Vulnerability
In today’s SensCy Cyber Alert, your SensCy team urges Microsoft Exchange Server users to review the remediation tips for TWO zero-day vulnerabilities. The vulnerabilities are tracked by the National Institute of Standards and Technology as CVE-2022-41040 and CVE-2022-41082. Based on reports of in-the-wild exploitation, the vulnerabilities impact Exchange Server 2013, 2016, and 2019.
What is a zero-day vulnerability?
In cybersecurity, a zero-day vulnerability refers to a vulnerability in a system or device that has been disclosed but not yet patched. The vulnerability was discovered before developers and security researchers were aware of it and could provide a patch/update.
Microsoft workaround:
Microsoft recommends that users add a blocking rule in IIS Manager as a temporary workaround.
Here is how to add the blocking rule:
- Open the IIS Manager
- Expand the Default Web Site
- Select Autodiscover
- In the Feature View, click URL Rewrite
- In the Actions pane on the right-hand side, click Add Rules
- Select Request Blocking and click OK
- Add String “.*autodiscover\.json.*\@.*Powershell.*” (excluding quotes) and click OK
- Expand the rule and select the rule with the Pattern “.*autodiscover\.json.*\@.*Powershell.*” and click Edit under Conditions
- Change the condition input from {URL} to {REQUEST_URI}
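To see why the last step matters, the following added example (not from Microsoft or SensCy) applies the rule's pattern to a constructed IIS W3C log excerpt, once against the path plus query string, as {REQUEST_URI} provides, and once against the path alone, as {URL} provides. The log lines, addresses and host names are constructed placeholders, and case-insensitive matching assumes the rule's "Ignore case" option is left enabled.

```python
import re

# Pattern copied from the blocking rule above. IGNORECASE assumes the rule's
# "Ignore case" option is left enabled.
BLOCK_PATTERN = re.compile(r".*autodiscover\.json.*\@.*Powershell.*", re.IGNORECASE)

# Constructed IIS W3C log excerpt (not real traffic; hosts and IPs are placeholders).
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2022-10-01 10:00:01 GET /autodiscover/autodiscover.json @example.invalid/Powershell/ 203.0.113.5 200
2022-10-01 10:00:02 POST /autodiscover/autodiscover.xml - 198.51.100.7 200
2022-10-01 10:00:03 GET /autodiscover/autodiscover.json Email=user@example.invalid 198.51.100.7 200
2022-10-01 10:00:04 GET /owa/ - 198.51.100.9 302
"""

def parse_w3c(text):
    """Yield one dict per request line, keyed by the names in the #Fields header."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            yield dict(zip(fields, line.split()))

def request_uri(entry):
    """Path plus query string, which is what {REQUEST_URI} exposes to the rule."""
    query = entry.get("cs-uri-query", "-")
    return entry["cs-uri-stem"] + ("" if query == "-" else "?" + query)

def evaluate(text):
    """Return (request_uri, hit_on_REQUEST_URI, hit_on_URL) for each logged request."""
    rows = []
    for entry in parse_w3c(text):
        full = request_uri(entry)
        path_only = entry["cs-uri-stem"]  # {URL} carries the path without the query string
        rows.append((full,
                     bool(BLOCK_PATTERN.search(full)),
                     bool(BLOCK_PATTERN.search(path_only))))
    return rows

if __name__ == "__main__":
    for uri, on_request_uri, on_url in evaluate(SAMPLE_LOG):
        verdict = "BLOCK" if on_request_uri else "allow"
        print(f"{verdict}  (path-only match: {on_url})  {uri}")
```

The same functions can be pointed at exported IIS logs to list past requests the rule would have blocked.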
Please reach out to SensCy for any additional questions or concerns.