Microsoft Exchange Zero Day Vulnerability

Published On: September 30, 2022
Categories: Cyber Alerts

In today’s SensCy Cyber Alert, your SensCy team urges Microsoft Exchange Server users to review the remediation tips for TWO zero-day vulnerabilities. The vulnerabilities are tracked by the National Institute of Standards and Technology as CVE-2022-41040 and CVE-2022-41082. Based on the reports of in-the-wild exploitation, the vulnerabilities impact Exchange Server 2013, 2016, and 2019.

What is a zero-day vulnerability?

In cybersecurity, a zero-day vulnerability refers to a vulnerability in a system or device that has been disclosed but not yet patched. The vulnerability was discovered before developers and security researchers were aware of it and could provide a patch or update.

Microsoft workaround:

Microsoft recommends that users add a blocking rule in IIS Manager as a temporary workaround.

Here is how to add the blocking rule:

  • Open the IIS Manager
  • Expand the Default Web Site
  • Select Autodiscover
  • In the Feature View, click URL Rewrite
  • In the Actions pane on the right-hand side, click Add Rules
  • Select Request Blocking and click OK
  • Add String “.*autodiscover\.json.*\@.*Powershell.*” (excluding quotes) and click OK
  • Expand the rule and select the rule with the Pattern “.*autodiscover\.json.*\@.*Powershell.*” and click Edit under Conditions
  • Change the condition input from {URL} to {REQUEST_URI}
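
Added example, not part of the original alert or of Microsoft's guidance: a simplified Python model of the rule's condition, showing why the last step switches the condition input from {URL} to {REQUEST_URI}. It assumes {URL} carries the path without the query string, {REQUEST_URI} carries the path plus query string, and the condition matches case-insensitively; the function names and sample request targets are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Pattern exactly as given in the workaround steps above.
BLOCK_PATTERN = r".*autodiscover\.json.*\@.*Powershell.*"
# Assumption: the rewrite condition ignores case, so compile accordingly.
_RULE = re.compile(BLOCK_PATTERN, re.IGNORECASE)


def server_variables(request_target):
    """Simplified model of the two condition inputs named in the steps."""
    parts = urlsplit(request_target)
    request_uri = parts.path + ("?" + parts.query if parts.query else "")
    return {"URL": parts.path, "REQUEST_URI": request_uri}


def is_blocked(request_target, condition_input="REQUEST_URI"):
    """True if the blocking rule would match the chosen condition input."""
    value = server_variables(request_target)[condition_input]
    return _RULE.search(value) is not None


def audit(targets):
    """Return (target, blocked_with_URL, blocked_with_REQUEST_URI) rows."""
    return [(t, is_blocked(t, "URL"), is_blocked(t, "REQUEST_URI"))
            for t in targets]


# Constructed request targets (example.test is a reserved test domain).
SAMPLES = [
    # Matching text sits in the query string: only REQUEST_URI sees it.
    "/autodiscover/autodiscover.json?a@example.test/Powershell",
    # Matching text sits in the path: both inputs see it.
    "/autodiscover/autodiscover.json/a@example.test/powershell",
    # Autodiscover request without the Powershell marker: not blocked.
    "/autodiscover/autodiscover.json?Email=user@example.test",
    # Unrelated request: not blocked.
    "/owa/",
]

if __name__ == "__main__":
    print(f"{'URL':<6}{'REQUEST_URI':<13}target")
    for target, by_url, by_request_uri in audit(SAMPLES):
        print(f"{str(by_url):<6}{str(by_request_uri):<13}{target}")
```

The first row is the case the final step addresses: with the condition left on {URL}, a request whose matching text is in the query string passes the rule.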

Please reach out to SensCy for any additional questions or concerns.
