Microsoft says two new Exchange zero-day bugs under active attack, but no immediate fix

Microsoft has confirmed two unpatched Exchange Server zero-day vulnerabilities are being exploited by cybercriminals in real-world attacks.
Vietnamese cybersecurity company GTSC, which first discovered the flaws part of its response to a customer’s cybersecurity incident, in August 2022, said the two zero-days have been used in attacks on their customers’ environments dating back to early-August 2022.
Microsoft’s Security Response Center (MRSC) said in a blog post late on Thursday that the two vulnerabilities were identified as CVE-2022-41040, a server-side request forgery (SSRF) vulnera

リンク元