This article is only applicable if you still have a Microsoft Exchange server on-premises (a physical server).

Microsoft has discovered two zero-day vulnerabilities in Exchange Server 2013, 2016 and 2019. Moreover, Microsoft has found that this is being actively exploited by cybercriminals. The NCSC (National Cyber Security Center) has designated this vulnerability with the risk factor partly for this reason high/high. That means there is a high probability that cybercriminals will take advantage of this and the potential damage that could result could be great.

The risk

The combination of the two vulnerabilities allow attackers to execute arbitrary code on a vulnerable Exchange Server. To do this, however, one must first log in with a user account. Because it does not matter what rights are assigned to the user account, an attacker can exploit this vulnerability with any user account from which login credentials have been obtained, such as in a previous data breach or other way in which login credentials have been captured. An Exchange Server can be completely taken over and install malicious code such as ransomware on it and get to your corporate data.

Microsoft's CVE code*: CVE-2022-41040 and CVE-2022-41082
* (CVE = Common Vulnerabilities and Exposures, a database containing information about IT vulnerabilities)

And now?

Is your company using Microsoft Server 2013, 2016 or 2019? No security updates have been made available at this time. However, there are temporary measures (mitigations) you can take that will prevent misuse. Microsoft has written a blog about this: click here

Of course you do not have to do this yourself, we have already contacted our clients. But should we be able to help your organization we will be happy to do so. Click here to contact include.