
ACSC flags Microsoft Exchange vulnerabilities

Two zero-day vulnerabilities have been identified in Microsoft Exchange servers.

Mon, 10 Oct 2022

The Australian Cyber Security Centre (ACSC) has reported zero-day vulnerabilities associated with Microsoft Exchange Server 2013, 2016 and 2019.

Microsoft has assigned the following common vulnerabilities and exposures (CVE) identifiers to the flaws:

  • CVE-2022-41082 – remote code execution vulnerability
  • CVE-2022-41040 – elevation of privilege vulnerability

Historical CVEs related to ProxyShell have also been noted, including:

  • CVE-2021-34473 – pre-auth path confusion leads to ACL bypass (patched in April by KB5001779).
  • CVE-2021-34523 – elevation of privilege on Exchange PowerShell backend (patched in April by KB5001779).
  • CVE-2021-31207 – post-auth arbitrary file write leads to RCE (patched in May by KB5003435).

Organisations that have yet to deploy mitigations, or that have suffered breaches, have been urged to search for post-exploitation activity, including the deployment of webshells.

The ACSC has advised stakeholders to monitor the situation and has encouraged impacted organisations to report the incidents to the agency.

Thus far, the ACSC is not aware of successful exploitation within Australia.
