Akamai’s Response to Zero-Day Vulnerabilities in Microsoft Exchange Server (CVE-2022-41040 and CVE-2022-41082)
Executive summary
In response to zero-day vulnerabilities within the Microsoft Exchange product, Akamai has released new App & API Protector protections for customers.
Introduction
On Thursday, September 29, 2022, Microsoft Security Response Center released a blog post outlining information on two zero-day vulnerabilities that affect Microsoft Exchange Server 2013, 2016, and 2019. These vulnerabilities have been assigned CVE-2022-41040 and CVE-2022-41082.
Akamai Security Intelligence Group quickly conducted an analysis and released protections to our App & API Protector customers.
Mitigations
Akamai Security Intelligence Group released security updates on October 3, 2022, to address these CVEs and post-exploitation webshell communications.
Adaptive Security Engine
3000198 — Possible RCE on MS Exchange Detected (CVE-2022-41040 CVE-2022-41082)
3000199 — Webshell Activity on Microsoft Exchange (Related to CVE-2022-41040 CVE-2022-41082)
Kona Rule Set
3000098 — Possible RCE on MS Exchange Detected (CVE-2022-41040 CVE-2022-41082)
3000099 — Webshell Activity on Microsoft Exchange (Related to CVE-2022-41040 CVE-2022-41082)
Summary
Adaptive Security Engine customers who are using “Automatic” mode are already protected; “Manual” customers and App & API Protector customers need to update their protections immediately if they are using a vulnerable version of Microsoft Exchange.
Akamai App & API Protector customers should verify their protection status and enable these rules if needed.
You can follow us at @Akamai_Research on Twitter for the latest updates regarding this and other security vulnerabilities.