While limited targeted attacks are being reported on Microsoft Exchange servers, Microsoft is already aware and investigating two reported zero-day vulnerabilities affecting mainly on-premises Microsoft Exchange Servers including Exchange Server 2013, Exchange Server 2016, and Exchange Server 2019. The two vulnerabilities reported are:
- CVE-2022-41040: Server-Side Request Forgery (SSRF) vulnerability
- CVE-2022-41082: Allows Remote Code Execution (RCE) when PowerShell is accessible to the attacker.
Are you already affected with Zero-Day Vulnerabilities in Microsoft Exchange Server?
As a first step you immediately have to verify if you are already affected or not and you can do that through below PowerShell command:
Get-ChildItem -Recurse -Path C:\inetpub\logs\LogFiles -Filter “*.log” | Select-String -Pattern ‘powershell.*autodiscover\.json.*\@.*200’
MachSol recommends that customers already using On-premise Exchange should follow Microsoft recommendations. In addition, MachPanel: MachSols leading automation solution for Enterprises, Governments and Cloud Service Providers for Multi-Cloud service delivery immediately responded to reported vulnerability and issued a hotfix to mitigate the threat. All existing customers of MachPanel can simply apply the hotfix which will disable the Remote PowerShell for all new Users and for existing users, they simply have to trigger Security permissions to disable the Remote PowerShell.
How Hosted Exchange service providers can stay Secure:
With the rising Cyber-attacks, it is very important for all Exchange On-premise admins to ensure you have your infrastructure updated to latest security patches and releases and on top of that stay connected with Microsoft security response center updates specially Microsoft Security blog.
Effects of Zero-Day attacks on Microsoft Exchange On-premise market and importance of a reliable Service Delivery Partner:
It is important to note that Microsoft online services are not affected by latest vulnerabilities and while on-premise market is already facing an uphill challenge to compete Microsoft, such attacks will further hamper their effort to stay in the competition. But if you have a service delivery partner with an up-to-date solution and takes all necessary actions to immediately respond to such threats, then you are always on a secure side. MachPanel is industry leading Cloud automation solution that has been servicing Enterprises, Cloud service providers and Governments for decades and ensure you are able to offer your hosted services securely.
Offer Multi-tenant -Secure- Reliable Exchange offerings with MachPanel Automation Module for Exchange:
MachPanel helps you offer fully Multi-tenant Exchange offerings and automates your complete business life cycle with all the necessary business components. To explore further: https://www.machsol.com/machpanel-automation-for-microsoft-exchange/