Microsoft Patch Tuesday, November 2022 Edition: 65 New Vulnerabilities Patched, 6 Zero-days, and 10 Rated as Critical

Microsoft has released security updates for 65 new vulnerabilities in its November 2022 Patch Tuesday Edition. The security update also addressed six actively exploited zero-day vulnerabilities. Of the 65 vulnerabilities, 10 are rated as critical; these include privilege elevation, spoofing, remote code execution, and other severe types of vulnerabilities. This month’s security updates also …

Microsoft Exchange Server Zero-day Vulnerabilities (CVE-2022-41040 and CVE-2022-41082) (ProxyNotShell)

Vietnamese cybersecurity outfit GTSC has reported two critical vulnerabilities in Microsoft Exchange Server 2013, 2016, and 2019 via the Zero Day Initiative (ZDI-CAN-18333 and ZDI-CAN-18802). The first flaw (CVE-2022-41040) is a Server-Side Request Forgery (SSRF) vulnerability. The second flaw (CVE-2022-41082) allows remote code execution (RCE) when PowerShell is accessible to the attacker. Microsoft has mentioned in …