Exchange Server Zero-Day: Microsoft releases script for workaround​

exchange server zero day microsoft releases script for workaround​.jpg
exchange server zero day microsoft releases script for workaround​.jpg

With a Powershell script, administrators can import the workaround against the newly discovered zero-day vulnerabilities in Exchange Server.


Microsoft has released a shell script that imports the workaround to protect against the zero-day vulnerabilities in Exchange servers that became known on Friday. Administrators can download the script from Microsoft and should run it on each affected on-premises server. The workaround is now also being played out via Microsoft’s Exchange Server Emergency Mitigation Service (EMS).

On Friday, security researchers warned of two zero-day vulnerabilities that are already being actively exploited. Details of the exploits are not yet known. According to the security researchers, they managed to address a component in the backend of the server and run code from it. The attacks are said to follow a pattern similar to that of ProxyShell in summer 2021.

Microsoft has confirmed the vulnerabilities (CVE-2022-41040, CVE-2022-41082). In a report, the company speaks of “limited, targeted attacks”. The Exchange Server 2013, 2016 and 2019 versions are affected. Exchange online customers should not be affected. There are no patches yet.