【Security Vulnerability Warning】 Microsoft Exchange Server exists security vulnerabilities (CVE-2022-41040 and CVE-2022-41082) that allow attackers to remotely execute arbitrary code. Please confirm and evaluate as soon as possible and take mitigation measures

• Subject: Microsoft Exchange Server exists security vulnerabilities (CVE-2022-41040 and CVE-2022-41082) that allow attackers to remotely execute arbitrary code. Please confirm and evaluate as soon as possible and take mitigation measures

• Description:
  For details, please refer to the following links.
  1. https://thehackernews.com/2022/10/mitigation-for-exchange-zero-days.html?m=1
  2. https://www.ithome.com.tw/news/153387
  3. https://www.ithome.com.tw/news/153457
  4. https://nvd.nist.gov/vuln/detail/CVE-2022-41040
  5. https://nvd.nist.gov/vuln/detail/CVE-2022-41082
  6. https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-41040
  7. https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-41082
  8. https://msrc-blog.microsoft.com/2022/09/29/customer-guidance-for-reported-zero-day-vulnerabilities-in-microsoft-exchange-server/
  9. https://www.microsoft.com/security/blog/2022/09/30/analyzing-attacks-using-the-exchange-vulnerabilities-cve-2022-41040-and-cve-2022-41082/

Network System Division
Computer and Communication Center