{
    "file_item": {
        "filepath": "security-advisories",
        "filename": "CERT-EU-SA2022-015.pdf"
    },
    "title": "Critical Vulnerability in Microsoft Exchange Server",
    "serial_number": "2022-015",
    "publish_date": "10-03-2022 10:55:00",
    "description": "On March 8th, Microsoft issued the monthly Patch Tuesday where 71 vulnerabilities were fixed. Three of them were classified as Critical as they allow remote code execution (RCE). One of these critical vulnerabilities affects Microsoft Exchange Server.<br>The vulnerability tracked as CVE-2022-23277 is a remote code execution vulnerability that can be exploited by an authenticated attacker to perfom RCE on Microsoft Excahnge. No active exploitation of this vulnerability is known yet.",
    "url_title": "2022-015",
    "content_markdown": "---\ntitle: 'Critical Vulnerability in\u00a0Microsoft\u00a0Exchange Server'\nversion: '1.0'\nnumber: '2022-015'\ndate: 'March 10, 2022'\n---\n\n_History:_\n\n* _10/03/2022 --- v1.0 -- Initial publication_\n  \n# Summary\n\nOn March 8th, Microsoft issued the monthly Patch Tuesday where 71 vulnerabilities were fixed. Three of them were classified as **Critical** as they allow remote code execution (RCE) [1]. One of these critical vulnerabilities affects Microsoft Exchange Server.\n\nThe vulnerability tracked as CVE-2022-23277 is a remote code execution vulnerability that can be exploited by an authenticated attacker to perfom RCE on Microsoft Exchange [2]. No active exploitation of this vulnerability is known yet.\n\n# Technical Details\n\nThere is not much detail available about how this vulnerability could be exploited. As per Microsoft, the attacker exploiting this vulnerability could target the server accounts for an arbitrary or remote code execution. As an authenticated user, the attacker could attempt to trigger malicious code in the context of the server's account through a network call [2].\n\n# Affected Products\n\n* Microsoft Exchange Server 2019 Cumulative Update 11\n* Microsoft Exchange Server 2019 Cumulative Update 10\n* Microsoft Exchange Server 2016 Cumulative Update 22\n* Microsoft Exchange Server 2016 Cumulative Update 21\n* Microsoft Exchange Server 2013 Cumulative Update 23\n  \n# Recommendations\n\nGiven the fact that we have observed increasing attacks against Microsoft Exchange, we strongly advise to apply the patch as soon as possible.\n\n# References\n\n[1] <https://www.bleepingcomputer.com/news/microsoft/microsoft-march-2022-patch-tuesday-fixes-71-flaws-3-zero-days/>\n\n[2] <https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-23277>\n",
    "content_html": "<p><em>History:</em></p><ul><li><em>10/03/2022 --- v1.0 -- Initial publication</em></li></ul><h2 id=\"summary\">Summary</h2><p>On March 8th, Microsoft issued the monthly Patch Tuesday where 71 vulnerabilities were fixed. Three of them were classified as <strong>Critical</strong> as they allow remote code execution (RCE) [1]. One of these critical vulnerabilities affects Microsoft Exchange Server.</p><p>The vulnerability tracked as CVE-2022-23277 is a remote code execution vulnerability that can be exploited by an authenticated attacker to perfom RCE on Microsoft Exchange [2]. No active exploitation of this vulnerability is known yet.</p><h2 id=\"technical-details\">Technical Details</h2><p>There is not much detail available about how this vulnerability could be exploited. As per Microsoft, the attacker exploiting this vulnerability could target the server accounts for an arbitrary or remote code execution. As an authenticated user, the attacker could attempt to trigger malicious code in the context of the server's account through a network call [2].</p><h2 id=\"affected-products\">Affected Products</h2><ul><li>Microsoft Exchange Server 2019 Cumulative Update 11</li><li>Microsoft Exchange Server 2019 Cumulative Update 10</li><li>Microsoft Exchange Server 2016 Cumulative Update 22</li><li>Microsoft Exchange Server 2016 Cumulative Update 21</li><li>Microsoft Exchange Server 2013 Cumulative Update 23</li></ul><h2 id=\"recommendations\">Recommendations</h2><p>Given the fact that we have observed increasing attacks against Microsoft Exchange, we strongly advise to apply the patch as soon as possible.</p><h2 id=\"references\">References</h2><p>[1] <a rel=\"noopener\" target=\"_blank\" href=\"https://www.bleepingcomputer.com/news/microsoft/microsoft-march-2022-patch-tuesday-fixes-71-flaws-3-zero-days/\">https://www.bleepingcomputer.com/news/microsoft/microsoft-march-2022-patch-tuesday-fixes-71-flaws-3-zero-days/</a></p><p>[2] <a rel=\"noopener\" target=\"_blank\" href=\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-23277\">https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-23277</a></p>",
    "licence": {
        "title": "Creative Commons Attribution 4.0 International (CC-BY 4.0)",
        "link": "https://creativecommons.org/licenses/by/4.0/",
        "restrictions": "https://cert.europa.eu/legal-notice",
        "author": "The Cybersecurity Service for the Union institutions, bodies, offices and agencies"
    }
}