Confirmed Zero-Day vulnerabilities in Microsoft Exchange Server

As of 4th October 2022, Microsoft have confirmed that two Zero-day vulnerabilities affect Microsoft Exchange Server 2013, Exchange Server 2016, and Exchange Server 2019. Microsoft have stated that Exchange Online customers do not need to take any action, however if you have a Hybrid Exchange infrastructure this advice still applies.

Further updates and details on the potential vulnerability can be found here

In addition to Microsoft guidance, Solace Cyber recommend that the mitigation be further tightened by altering the URL block string:

.*autodiscover\.json.*Powershell.*

Solace Cyber are offering an initial consultation to determine if a compromise has already occurred and can action any implementation required to secure your operations.

This update is correct as of 12.23 GMT on 4th October 2022. The situation continues to develop rapidly, so please contact the team for an initial conversation with the latest advice.