New Exchange Zero-Day Exploits: CVE-2022-41040 and CVE-2022-41082


In the first half of 2021, the Hafnium zero-day exploit targeting on-premises Exchange servers swept the globe.

In November 2021, another exploit, CVE-2021-42321, targeting Exchange was found.

Now, two Exchange on-premises exploits have surfaced: CVE-2022-41082 and CVE-2022-41040.

How to Fix the Exploits

Affected systems are on-premises Exchange Server 2013, 2016, and 2019. Exchange Online is not affected.

At the time of writing (2nd of October 2022), Microsoft has not yet been able to prepare a fix.

The current workaround depends on your particular setup. There are three options:

  1. Customers running Exchange 2016 or 2019 with the Exchange Server Emergency Mitigation Service (EMS) enabled automatically receive the URL rewrite mitigation that blocks these two exploits.
  2. The Exchange On-premises Mitigation Tool v2 (EOMTv2), a script that applies the same URL rewrite rule for you.
  3. Manual configuration of the URL rewrite rule (step-by-step instructions are found here).
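All three options end up with the same thing in place: an IIS URL Rewrite rule that drops requests whose URI matches the mitigation pattern. Whichever option you use, it is worth checking your IIS logs both for traffic that the rule should have caught and to confirm it does not catch legitimate traffic. The script below is an added example written for this post; it is not code from the article, from Microsoft or from EOMTv2. It restates the mitigation's regular expression as I understand it from Microsoft's published guidance (an assumption: verify it against the current guidance before relying on it), parses IIS W3C-format log lines and reports the requests that match. The log lines are constructed for the example and are not real traffic.

```python
"""Scan IIS W3C logs for requests that the Exchange URL rewrite mitigation
for CVE-2022-41040 / CVE-2022-41082 is meant to block.

Added example for this post, not part of the original article and not
Microsoft tooling. MITIGATION_PATTERN restates the published URL rewrite
pattern as an assumption; the sample log below is constructed, not real.
"""
import re
from typing import Dict, List

# The mitigation rule matches a request URI that contains both
# "autodiscover.json" and "powershell", in any order, case-insensitively.
# Two lookaheads express "both substrings present" without fixing an order.
MITIGATION_PATTERN = re.compile(r"(?=.*autodiscover\.json)(?=.*powershell)", re.IGNORECASE)

# Constructed IIS log excerpt (W3C format with a #Fields header).
# The last line is ordinary remote PowerShell on the /powershell vdir and
# must NOT match, because it does not reference autodiscover.json.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status
2022-10-01 08:15:22 10.0.0.5 GET /autodiscover/autodiscover.json Protocol=Ews 443 - 198.51.100.7 Mozilla/5.0 200
2022-10-01 08:15:23 10.0.0.5 POST /autodiscover/autodiscover.json Protocol=PowerShell 443 - 198.51.100.7 python-requests/2.28 200
2022-10-01 08:16:01 10.0.0.5 GET /owa/ - 443 CORP\\alice 192.0.2.10 Mozilla/5.0 200
2022-10-01 08:16:10 10.0.0.5 GET /Autodiscover/Autodiscover.JSON Protocol=PowerShell 443 - 203.0.113.9 curl/7.85 401
2022-10-01 08:17:45 10.0.0.5 POST /powershell - 443 CORP\\admin 192.0.2.11 Microsoft%20WinRM%20Client 200
"""


def parse_iis_log(text: str) -> List[Dict[str, str]]:
    """Parse W3C log text into dicts keyed by the names in the #Fields line."""
    fields: List[str] = []
    entries: List[Dict[str, str]] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # field order can change between log files
            continue
        if line.startswith("#"):
            continue  # other directives (#Software, #Date, ...)
        values = line.split(" ")
        if not fields or len(values) != len(fields):
            continue  # malformed line: skip rather than misalign columns
        entries.append(dict(zip(fields, values)))
    return entries


def request_uri(entry: Dict[str, str]) -> str:
    """Rebuild the request URI the rewrite rule sees (stem plus query)."""
    stem = entry.get("cs-uri-stem", "")
    query = entry.get("cs-uri-query", "-")
    return stem if query == "-" else f"{stem}?{query}"


def find_mitigation_hits(text: str) -> List[Dict[str, str]]:
    """Return the log entries whose URI the mitigation pattern matches."""
    hits = []
    for entry in parse_iis_log(text):
        uri = request_uri(entry)
        if MITIGATION_PATTERN.search(uri):
            hits.append({
                "time": f"{entry['date']} {entry['time']}",
                "client": entry["c-ip"],
                "uri": uri,
                "status": entry["sc-status"],
                "user_agent": entry["cs(User-Agent)"],
            })
    return hits


def summarize_by_client(hits: List[Dict[str, str]]) -> Dict[str, int]:
    """Count matching requests per client IP, a quick triage view."""
    counts: Dict[str, int] = {}
    for hit in hits:
        counts[hit["client"]] = counts.get(hit["client"], 0) + 1
    return counts


if __name__ == "__main__":
    found = find_mitigation_hits(SAMPLE_LOG)
    for hit in found:
        print(f"{hit['time']} {hit['client']} {hit['status']} {hit['uri']} ({hit['user_agent']})")
    print("per client:", summarize_by_client(found))
```

Point the script at a real log by reading the file into `find_mitigation_hits`; IIS log files can be large, so on a busy server you would stream them line by line instead of loading the whole file. Requests that still match after the rule is in place (with a successful status) are the ones to investigate, since they indicate the rule is not applied where the request arrived.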

How to Get 100% Protection From Future Zero-Day Exploits

The numerous zero-day exploits targeting Exchange on-premises represent a significant risk to companies and society in general.

The Hafnium exploit is considered to be the work of state-sponsored hackers, most likely of Chinese origin.

The latest exploits, CVE-2022-41082 and CVE-2022-41040, are also assessed (with medium confidence) to be crafted by state-sponsored hackers.

Although these attacks often morph into ransomware attacks, the initial usage is often theft of intellectual capital.

The results of these activities may take years to manifest. Still, the end result may very well be a noticeable decrease in the ability of companies to compete in a global market.

There is only one way to get 100% protection from future zero-day exploits targeting Exchange on-premises.

Remove Exchange On-Premises

If you have migrated all your mailboxes to Office 365, you can remove your Exchange on-premises server.

Unfortunately, Microsoft only provides PowerShell for managing mailboxes in this scenario, but third-party tools exist to make management easier.

One such tool is Easy365Manager.

With Easy365Manager, you can manage Office 365 mailboxes directly from user properties in AD Users & Computers.

This makes it easy for support teams of any technical level to manage Office 365 mailboxes.

With Easy365Manager, you can even manage things like calendar permissions or Outlook automapping of shared mailboxes, settings that are otherwise only available via advanced PowerShell scripting.

Easy365Manager is available as a 30-day free trial, so you can fully evaluate the software before committing.