It appears two new Microsoft Exchange zero-day vulnerabilities are being exploited in the wild.
While the exploitation is not yet confirmed, attacks have been launched on fully patched Exchange servers, affecting companies and organisations. If you run Microsoft Exchange on-premises and have Outlook Web App (OWA) facing the internet, chances are you are impacted. We will keep monitoring the situation and update you with more information.
As a workaround, we advise IT departments to stop exposing Outlook Web App (OWA) to the internet and to offer it securely via a VPN tunnel instead, until Microsoft releases a patch remediating the issue.
UPDATE #1 (30/9/22)
Microsoft has confirmed the vulnerabilities and provided customer guidance in a report published on its Security Response Center: https://lnkd.in/d8pyTUrN
UPDATE #2 (1/10/22)
The Microsoft Security Threat Intelligence blog has been updated regarding the CVE-2022-41040 and CVE-2022-41082 zero-day vulnerabilities. In this new post, the vendor provides a number of mitigation steps for Microsoft Exchange Server customers using M365 Defender: https://tinyurl.com/5yv987pr
UPDATE #3 (8/10/22)
The vendor has updated the Customer Guidance for the Reported Zero-day Vulnerabilities in Microsoft Exchange Server: https://tinyurl.com/5yv987pr