This article provides the vulnerability status and protection details for the unpatched Microsoft Exchange vulnerabilities identified as CVE-2022-41040 (SSRF) and CVE-2022-41082 (RCE).
SEP 14x versions
Targeted attacks are exploiting unpatched vulnerabilities in Microsoft Exchange. The vulnerabilities have been identified as CVE-2022-41040, a Server-Side Request Forgery (SSRF) vulnerability, and CVE-2022-41082, a remote code execution (RCE) vulnerability. They are being exploited to allow an authenticated user to remotely execute code in the form of malicious webshells.
Symantec has protections in place which provide coverage against both the exploit and post-exploit activity.
Symantec protects you from these threats, identified by the following:
File-based
Exp.CVE-2022-41040
Exp.CVE-2022-41082
Hacktool.Webshell
Trojan Horse
Network-based
Attack: AntSword Scan Attempt