Microsoft Exchange Zero-Day

It was reported on October 4th that two new vulnerabilities were discovered supporting Microsoft Exchange email services. From their website, "...he first one, identified as CVE-2022-41040, is a Server-Side Request Forgery (SSRF) vulnerability, and the second one, identified as CVE-2022-41082, allows Remote Code Execution (RCE) when PowerShell is accessible to the attacker..." Notably, Exchange Online customers do not need to take any action.

The linked webpage contains additional information and instructions, which have been updated since Microsoft created this alert. Please click the graphic below to be taken to the source information.

Stay (HIPAA) safe,

Alan -