CVE-2022-41082
Microsoft Exchange Server Remote Code Execution Vulnerability
CVSS
—
No CVSS
EPSS
100.0%
p100
KEV
YES
Sep 30, 2022
Exploit Today
80
0-100
Published: — · Last modified: —
Product
Microsoft / Exchange Server
Vulnerability
Microsoft Exchange Server Remote Code Execution Vulnerability
Added to KEV
Sep 30, 2022
Remediate by
Oct 21, 2022
Known ransomware use
Yes
Summary description
Microsoft Exchange Server contains an unspecified vulnerability that allows for authenticated remote code execution. Dubbed "ProxyNotShell," this vulnerability is chainable with CVE-2022-41040 which allows for the remote code execution.
Required action
Apply updates per vendor instructions.
Notes
https://msrc-blog.microsoft.com/2022/09/29/customer-guidance-for-reported-zero-day-vulnerabilities-in-microsoft-exchange-server/; https://nvd.nist.gov/vuln/detail/CVE-2022-41082