Nino_Bilic, regarding Ken_Harrell1145's comment:
Authenticated attackers who can access PowerShell Remoting on vulnerable Exchange systems will be able to trigger RCE using CVE-2022-41082. Blocking the ports used for Remote PowerShell can limit these attacks.
Can you confirm that if these ports are inaccessible from the public, then even if users do have RemotePowerShellEnabled, there is no way (externally) for them to gain footing to Remote PowerShell?
For example, I suspect most folks only have HTTPS/443 exposed to the Internet for on-prem Exchange; so, if the above assumption is true, those same folks need not worry about the Remote PowerShell CVE (except perhaps from internal users, but that can be mitigated by the Windows Firewall on the Exchange front ends).
If correct, this may quell many concerns about the second part of the exploit, the Remote PowerShell CVE-2022-41082.
Thank you.