Microsoft recently issued mitigation steps for two vulnerabilities that it says it is aware are being actively exploited by threat actors to access users’ systems.
The Cybersecurity and Infrastructure Security Agency (CISA) issued an advisory following Microsoft’s release of the mitigation steps, encouraging “users and administrators to review the following information from Microsoft and apply the necessary mitigation steps until patches are made available:”
- Customer Guidance for Reported Zero-day Vulnerabilities in Microsoft Exchange Server
- Analyzing attacks using the Exchange vulnerabilities CVE-2022-41040 and CVE-2022-41082
Since both Microsoft and CISA are “urging” companies to follow the mitigation steps until a patch is developed, companies may wish to follow those recommendations as soon as possible.