Vulnerability Details : CVE-2022-41080
Used for ransomware!
Microsoft Exchange Server Elevation of Privilege Vulnerability
Vulnerability category: Gain privilege
CVE-2022-41080 is in the CISA Known Exploited Vulnerabilities Catalog
This issue is known to have been leveraged as part of a ransomware campaign.
CISA vulnerability name:
Microsoft Exchange Server Privilege Escalation Vulnerability
CISA required action:
Apply updates per vendor instructions.
CISA description:
Microsoft Exchange Server contains an unspecified vulnerability that allows for privilege escalation. This vulnerability is chainable with CVE-2022-41082, which allows for remote code execution.
Notes:
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-41080; https://nvd.nist.gov/vuln/detail/CVE-2022-41080
Added on
2023-01-10
Action due date
2023-01-31
Exploit prediction scoring system (EPSS) score for CVE-2022-41080
2.38%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 90 %
Percentile, the proportion of vulnerabilities that are scored at or less