Tag :
Cyber Security

1. Summary

Vulnerability Name Microsoft Exchange Server Remote Code Execution Vulnerability (CVE-2022-41082)
Release Date September 30, 2022
Component Name Microsoft Exchange Server
Affected Versions Microsoft Exchange Server 2013 Cumulative Update 23

Microsoft Exchange Server 2016 Cumulative Update 22

Microsoft Exchange Server 2016 Cumulative Update 23

Microsoft Exchange Server 2019 Cumulative Update 11

Microsoft Exchange Server 2019 Cumulative Update 12
Vulnerability Type Remote Code Execution Vulnerability
Severity CVSS v3 Base Score 8.8 (High)
Exploitability Attack Vector: Network

Attack Complexity: Low

Privileges Required: Low

User Interaction: None
Impact Confidentiality Impact: High

Integrity Impact: High

Availability Impact: High

2. About CVE-2022-41082

2.1 Introduction

Microsoft Exchange Server is a mail server and calendaring server developed by Microsoft. It runs exclusively on Windows Server operating systems.

2.2 Summary

CVE-2022-41082 is a zero-day remote code execution vulnerability in Microsoft Exchange Server, classified as high severity with a CVSS Score of 8.8. This vulnerability is triggered by another Exchanger Server vulnerability, CVE-2022-41040, and allows an authenticated attacker to run PowerShell on the server for remote code execution.

The two vulnerabilities have been named the ProxyNotShell vulnerabilities after the ProxyShell vulnerabilities affecting Exchange Server.

CVE-2022-41082 was added to CISA’s Known Exploited Vulnerabilities Catalog on September 30, 2022.

3. Affected Versions

Microsoft Exchange Server 2013 Cumulative Update 23

Microsoft Exchange Server 2016 Cumulative Update 22

Microsoft Exchange Server 2016 Cumulative Update 23

Microsoft Exchange Server 2019 Cumulative Update 11

Microsoft Exchange Server 2019 Cumulative Update 12

4. Solutions

4.1 Remediation Solutions

4.1.1 Microsoft Solution

Microsoft has released a patch for affected OS versions to fix this vulnerability on November 8, 2022. Please download the patch corresponding to the affected OS from the following link: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41082

5. Reference

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41082

https://nvd.nist.gov/vuln/detail/CVE-2022-41082

6. Learn More

Sangfor FarSight Labs researches the latest cyberthreats and unknown zero-day vulnerabilities, alerting customers to potential dangers to their organizations, and providing real-time solutions with actionable intelligence. Sangfor FarSight Labs works with other security vendors and the security community at large to identify and verify global cyberthreats, providing fast and easy protection for customers.

Listen To This Post

Search

Keyword maximum 256 character

Related Articles

Linux Cryptojacking Could be Secretly Draining Your Server Resources

Date : 26 May 2026
Read Now

GoldFactory Targets Vietnam and Thailand with Mobile Banking Fraud

Date : 12 May 2026
Read Now

LiteLLM SQL Injection (CVE-2026-42208)

Date : 29 Apr 2026
Read Now

See Other Product

Cyber Command - NDR Platform
MDR TCO Calculator - User Input Page
Endpoint Secure
MDR TCO Calculator - Report Page
Sangfor Athena SWG - Secure Web Gateway
Sangfor Zero Trust Data Protection

Meet the Author

Sangfor HQ Building

Sangfor Technologies

Sangfor Technologies is a leading vendor of Cyber Security and Cloud Computing solutions. The majority of the blogs that you are seeing here are written by professionals working at Sangfor. We have a team of content writers, product managers and marketing experts who are taking care of writing articles on various topics that are relevant to our audience. Our team ensures that the articles published are factually correct and helpful to our customers and partners to know more about the recent trends on Cyber Security and Cloud, and how it can help their organizations.

  • Facebook
  • Twitter
  • LinkedIn
  • YouTube
  • Instagram
See Author's Detail