Zero-day Vulnerabilities in Microsoft Exchange Server (ProxyNotShell)
Two new zero-day vulnerabilities affecting on-premises Microsoft Exchange Server 2013, 2016 and 2019 were reported to Microsoft. They were found by the Vietnamese security company GTSC while handling an intrusion in which the bugs were already being exploited. Exchange Online customers do not need to take action, but hybrid deployments that still run an on-premises Exchange server are affected.
CVE-2022-41040
The first vulnerability is a Server-Side Request Forgery (SSRF) vulnerability. To exploit it, authenticated access to the vulnerable Exchange Server is necessary; the credentials of any mailbox user are sufficient, no administrative rights are needed. The SSRF lets the attacker reach the back-end Exchange PowerShell endpoint through the Autodiscover front end, which is where the second vulnerability comes in.
CVE-2022-41082
The second vulnerability allows remote code execution (RCE) when PowerShell is accessible to the attacker, i.e. when they can send requests to the Exchange PowerShell remoting endpoint. Successful exploitation of that vulnerability also requires authenticated access. Chained, the SSRF provides the path to the PowerShell endpoint and the RCE executes code on the server through it. The request shape (an Autodiscover URL carrying a path to /powershell) is the same one ProxyShell used, which is where the name ProxyNotShell comes from, but the ProxyShell patches do not stop it. Attacks in the wild have been happening since at least August 2022, with web shells dropped on the compromised servers.
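Because exploitation is authenticated and goes through the Autodiscover front end, the attempts leave a distinctive trail in the IIS logs of the Client Access front end: a request whose URL contains both "autodiscover" and "powershell", with the user name of the account whose credentials were used. The following is an added example, not code from the original post and not Microsoft's or GTSC's hunting query: a PowerShell function that parses IIS W3C log lines, URL-decodes the request URI (so percent-encoded variants are caught too) and reports matching requests. The log lines it runs on are constructed samples; the host names, IP addresses and account names in them are made up.

```powershell
# Added example (not part of the original post): hunt Exchange front-end IIS logs for
# ProxyNotShell-style requests. Sample lines below are constructed, in the default W3C
# field order; they are not real traffic.

# Same test as Microsoft's URL Rewrite mitigation: "autodiscover" and "powershell" must both
# appear in the URL-decoded request URI. Lookaheads, so the order in the URI does not matter
# (front-end and back-end logs show the two parts in different order).
$ProxyNotShellPattern = '(?=.*autodiscover)(?=.*powershell)'

function Find-ProxyNotShellRequests {
    param([Parameter(Mandatory)] [string[]] $LogLines)

    $fields = @()
    foreach ($line in $LogLines) {
        # W3C logs declare their column layout in a "#Fields:" header; pick it up when seen.
        if ($line -match '^#Fields:\s*(.+)$') {
            $fields = $Matches[1].Trim() -split '\s+'
            continue
        }
        if ($fields.Count -eq 0 -or [string]::IsNullOrWhiteSpace($line) -or $line.StartsWith('#')) { continue }

        $values = $line -split ' '
        if ($values.Count -lt $fields.Count) { continue }   # truncated or malformed line
        $row = @{}
        for ($i = 0; $i -lt $fields.Count; $i++) { $row[$fields[$i]] = $values[$i] }

        # Rebuild the URI as the rewrite rule sees it ({UrlDecode:{REQUEST_URI}}): stem + query, decoded.
        $uri = $row['cs-uri-stem']
        if ($row['cs-uri-query'] -and $row['cs-uri-query'] -ne '-') { $uri += '?' + $row['cs-uri-query'] }
        $decoded = [System.Uri]::UnescapeDataString($uri)

        if ($decoded -imatch $ProxyNotShellPattern) {
            [pscustomobject]@{
                Time     = '{0} {1}' -f $row['date'], $row['time']
                ClientIP = $row['c-ip']
                User     = $row['cs-username']   # exploitation needs valid credentials: this account needs a password reset and review
                Status   = $row['sc-status']     # 200 = the request got through; 401/403/... = blocked or failed attempt
                Uri      = $decoded
            }
        }
    }
}

# Constructed sample (default IIS W3C fields). Line 3 is the raw ProxyNotShell request shape,
# line 4 the same request with a percent-encoded query; both must be reported.
$SampleLog = @'
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) cs(Referer) sc-status sc-substatus sc-win32-status time-taken
2022-10-01 08:15:02 10.0.0.5 GET /owa/auth/logon.aspx - 443 - 198.51.100.7 Mozilla/5.0+(Windows+NT+10.0) - 200 0 0 31
2022-10-01 08:15:09 10.0.0.5 POST /autodiscover/autodiscover.json @exchange.local/powershell 443 CORP\jdoe 198.51.100.7 Mozilla/5.0+(Windows+NT+10.0) - 200 0 0 412
2022-10-01 08:15:10 10.0.0.5 POST /autodiscover/autodiscover.json %40exchange.local%2Fpowershell 443 CORP\jdoe 198.51.100.7 Mozilla/5.0+(Windows+NT+10.0) - 200 0 0 398
2022-10-01 08:16:44 10.0.0.5 GET /ews/exchange.asmx - 443 CORP\asmith 203.0.113.9 Microsoft-Office/16.0 - 200 0 0 55
'@ -split "`r?`n"

Find-ProxyNotShellRequests -LogLines $SampleLog | Format-Table -AutoSize

# On a server, run the same check over the real front-end logs (default IIS location; adjust if relocated):
# Get-ChildItem -Recurse "$env:SystemDrive\inetpub\logs\LogFiles" -Filter *.log |
#     ForEach-Object { Find-ProxyNotShellRequests -LogLines (Get-Content $_.FullName) }
```

Hits with status 200 are the ones to treat as probable compromise: check the server for web shells and look at what the reported account did next. Hits with 401 or 403 still tell you which credentials the attacker holds, so those accounts need a password reset as well.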
Mitigations
The easiest way would be to stop exposing Exchange's HTTPS front end to the internet until patches are available, for example by allowing access only through a VPN. Taking only OWA offline is not enough: the exploit requests go to the Autodiscover endpoint (/autodiscover/autodiscover.json) of the same Default Web Site, so the whole site, not just /owa, has to be off the internet. That also cuts off Autodiscover, ActiveSync and Outlook Anywhere for external clients, so it is a stopgap rather than something to live with.
Microsoft has published an advisory (Customer Guidance for Reported Zero-day Vulnerabilities in Microsoft Exchange Server) with two interim mitigations: an IIS URL Rewrite request-blocking rule on the front end that aborts requests whose URL-decoded URI contains both "autodiscover" and "powershell", and disabling remote PowerShell for non-admin users. On Exchange 2016 and 2019 with the Exchange Emergency Mitigation Service enabled the rewrite rule is rolled out automatically; for other servers Microsoft provides the EOMTv2.ps1 script. Microsoft has revised the blocking pattern more than once after the initial version was shown to be bypassable, so apply the current version of the guidance rather than a copy of the first one, and treat the mitigations as risk reduction, not a fix: patch as soon as the security update is available.
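What those two mitigations look like when applied from PowerShell, as an added example that is not part of the original post and is not Microsoft's EOMTv2 script: the first function adds the request-blocking rule to the IIS Default Web Site with the WebAdministration module, the second turns off remote PowerShell for every user who is not a member of Organization Management. It assumes the Exchange front end runs in the Default Web Site and that the IIS URL Rewrite module is present (Exchange installs it); the rule name is arbitrary, and mail.example.com in the self-check is a placeholder host name.

```powershell
# Added example, not Microsoft's own script: applies the two interim ProxyNotShell mitigations
# Microsoft described. Run in an elevated Exchange Management Shell on every Exchange server
# that answers client HTTPS traffic. Assumes the front end lives in the IIS "Default Web Site"
# and that the URL Rewrite module is installed.
Import-Module WebAdministration

$Site     = 'IIS:\Sites\Default Web Site'
$RuleName = 'Block ProxyNotShell (autodiscover + powershell)'   # rule name is our choice, not Microsoft's
$RulePath = "system.webServer/rewrite/rules/rule[@name='$RuleName']"

function Add-ProxyNotShellBlockRule {
    if (Get-WebConfiguration -PSPath $Site -Filter $RulePath) {
        return "Rule '$RuleName' already exists"
    }
    # Request-blocking rule: abort any request whose URL-decoded REQUEST_URI contains both
    # "autodiscover" and "powershell". Matching the *decoded* URI is the point: the first
    # published pattern matched the raw URI and anchored on "@", and encoded variants got past it.
    Add-WebConfigurationProperty -PSPath $Site -Filter 'system.webServer/rewrite/rules' -Name '.' `
        -Value @{ name = $RuleName; patternSyntax = 'ECMAScript'; stopProcessing = 'True' }
    Set-WebConfigurationProperty -PSPath $Site -Filter "$RulePath/match" -Name 'url' -Value '.*'
    Add-WebConfigurationProperty -PSPath $Site -Filter "$RulePath/conditions" -Name '.' `
        -Value @{ input = '{UrlDecode:{REQUEST_URI}}'; pattern = '(?=.*autodiscover)(?=.*powershell)'; ignoreCase = 'True' }
    Set-WebConfigurationProperty -PSPath $Site -Filter "$RulePath/action" -Name 'type' -Value 'AbortRequest'
    return "Rule '$RuleName' added"
}

function Disable-RemotePowerShellForNonAdmins {
    # Second mitigation: ordinary users never need the Exchange remote PowerShell endpoint,
    # and CVE-2022-41082 needs it. Members of Organization Management keep access so that
    # administration (including this shell) keeps working.
    $admins = Get-RoleGroupMember 'Organization Management' | ForEach-Object { $_.DistinguishedName }
    Get-User -ResultSize Unlimited |
        Where-Object { $_.RemotePowerShellEnabled -and $admins -notcontains $_.DistinguishedName } |
        ForEach-Object {
            Set-User -Identity $_.DistinguishedName -RemotePowerShellEnabled $false
            $_.UserPrincipalName    # emit who was changed, for the change record
        }
}

Add-ProxyNotShellBlockRule
Disable-RemotePowerShellForNonAdmins

# Self-check from another host (placeholder host name): the request should be aborted
# without an HTTP response instead of reaching Autodiscover.
#   Invoke-WebRequest -Uri 'https://mail.example.com/autodiscover/autodiscover.json?@example.com/powershell' -UseBasicParsing
```

Keep the list of changed accounts that the second function prints; once the security update is installed you may want to re-enable remote PowerShell for users who actually need it, and the list tells you who was touched. The rewrite rule has to be created on every front-end server, and a future Exchange cumulative update that recreates the Default Web Site configuration can drop it, so verify it is still there after servicing.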
-JP