CVE-2022-41040 and CVE-2022-41082 - Unpatched Microsoft Exchange vulnerabilities exploited in limited targeted attacks

Article ID: 251732

Products

Endpoint Protection

Issue/Introduction

Symantec is aware of reports of limited targeted attacks that exploit unpatched vulnerabilities in Microsoft Exchange. The vulnerabilities have been identified as CVE-2022-41040, a Server-Side Request Forgery (SSRF) vulnerability, and CVE-2022-41082. They are being exploited to allow an authenticated user to remotely execute code in the form of malicious webshells.

Resolution

Existing protections provide coverage against both the exploit and post-exploit activity.

Symantec protects you from this threat, which is identified by the following:

File-based

  • CVE-2022-41040
  • CVE-2022-41082
  • Webshell
  • Trojan Horse

Network-based

  • Attack: AntSword Scan Attempt

Policy-based

  • DCS provides zero-day protection for the recently identified Microsoft Exchange vulnerabilities. The DCS default hardening sandbox for Microsoft Exchange prevents suspicious payloads from being dropped and executed on vulnerable servers.

Additional Information

Please refer to the following link for more details and updates: https://www.broadcom.com/support/security-center/protection-bulletin#blta0e4e5438d308078_en-us