Two recently discovered CVEs [CVE-2022-41082 | CVE-2022-41040] can be exploited by attackers to gain an initial foothold with command execution privileges on the targeted victim.
CVE-2022-41040 | SSRF
Note: SSRF: Server-Side Request Forgery (SSRF) is a web application attack in which the attacker typically forges requests to server-side applications.
This technique is used by many adversaries to send malicious requests to servers.
CVE-2022-41082 | Remote Code Execution Vulnerabilities
Note: Remote Code Execution (RCE): here, an attacker can remotely execute PowerShell commands.
Attack Map
A crafted malicious SSRF request to an Exchange server helps an attacker deploy a backdoor | web shell, and with the help of CVE-2022-41082 the attacker can execute remote code, which might be used for lateral movement or exfiltration techniques.
Note: This might require internal network access.
Mitigation:
As the Microsoft team officially suggests:
Turn on cloud-delivered protection in Microsoft Defender Antivirus
Enable network protection
Disable remote PowerShell access for non-admins
Apply the recent patch
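
One way to carry out the "Disable remote PowerShell access for non-admins" step, as an added example that is not from the original post or from Microsoft's advisory. It assumes an on-premises Exchange Management Shell session and that the administrators who keep access are members of the role groups named in the hypothetical $AdminRoleGroups parameter.

```powershell
# Added example; run in the Exchange Management Shell on an on-premises server.
# Assumption: the role groups in $AdminRoleGroups hold the accounts that keep access.
# Groups nested inside a role group are not expanded here.
param(
    [string[]]$AdminRoleGroups = @('Organization Management'),
    [switch]$Apply   # without -Apply the script only reports what it would change
)

# Distinguished names of the administrators to leave untouched.
$adminDns = foreach ($group in $AdminRoleGroups) {
    Get-RoleGroupMember -Identity $group -ResultSize Unlimited |
        ForEach-Object { [string]$_.DistinguishedName }
}

# Every user that can currently open a remote PowerShell session.
$enabled = Get-User -ResultSize Unlimited -Filter 'RemotePowerShellEnabled -eq $true'

# Non-admins are the enabled users that are not in the admin list.
$targets = $enabled | Where-Object { $adminDns -notcontains [string]$_.DistinguishedName }

# Report first so service accounts that need access can be spotted.
$targets | Select-Object Name, UserPrincipalName, RecipientTypeDetails |
    Format-Table -AutoSize

if ($Apply) {
    foreach ($user in $targets) {
        Set-User -Identity ([string]$user.DistinguishedName) `
                 -RemotePowerShellEnabled $false -Confirm:$false
    }
    # Verify: only the excluded administrators should remain in this list.
    Get-User -ResultSize Unlimited -Filter 'RemotePowerShellEnabled -eq $true' |
        Select-Object Name, UserPrincipalName
}
```

Run it once without -Apply and review the report, since monitoring or backup service accounts may rely on remote PowerShell and would need to be added to the excluded groups.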