Government of the Republic of Trinidad and Tobago
gov.tt

Securing the Nation's Digital Infrastructure

TTCSIRT-406.30.09.22: Critical Microsoft Exchange 0-Day Vulnerability Actively Exploited

Critical Microsoft Exchange 0-Day Vulnerability Actively Exploited Description The two vulnerabilities for on-premise Microsoft Exchange have been discovered and are now being tracked as a Server-Side Request Forgery vulnerability, CVE-2022-41040, and a remote code execution vulnerability, CVE-2022-41082. The two vulnerabilities are being exploited together to remotely trigger arbitrary code execution which essentially allows threat actors …