Microsoft Issues Improved Mitigations for Unpatched Exchange Server Vulnerabilities

Microsoft said on Friday that it has made additional improvements to the mitigation mechanism available to thwart exploitation efforts against the recently discovered unpatched security weaknesses in Exchange Server.The actively exploited vulnerabilities, known as ProxyNotShell (CVE-2022-41040 and CVE-2022-41082), have yet to be fixed by Microsoft, however with Patch Tuesday approaching, the wait may not be long. If the weaknesses are successfully weaponized, an authorised attacker might use the two vulnerabilities to gain remote code execution on the underlying server. The IT titan admitted this week that the flaws may have been exploited by a single state-sponsored threat actor since August 2022 in limited targeted assaults aiming at fewer than ten organisations globally. Read More…