Windows 10: Exchange CU13 and latest SU, yet external scans claim CVE-2022-41040 CVE-2022-41082...

Discussion in 'Windows 10 Software and Apps' started by Ayukii, Apr 22, 2024.

  2. Ayukii Win User

    Exchange CU13 and latest SU, yet external scan(s) claim CVE-2022-41040 CVE-2022-41082 vulnerability.

    Per Exchange Health Checker version 24.03.12.1700 this is my Exchange version.

    Build Number: 15.02.1258.032

    Exchange IU or Security Hotfix Detected:
    Security Update for Exchange Server 2019 Cumulative Update 13 (KB5036402)


    We always run one CU behind the latest, and we pay for external vulnerability scans. So when CU12 went end of life we upgraded to CU13, and then our SOC began telling us that our Microsoft Exchange Server OWA has (KB5019758, ProxyNotShell) CVE-2022-41040: Server-Side Request Forgery (SSRF) and CVE-2022-41082: Remote code execution (RCE) vulnerabilities.

    So I do my own external vulnerability scan using NMAP and the following scripts, which too claim the server is vulnerable.

    GitHub - Diverto/nse-exchange: Nmap scripts to detect exchange 0-day (CVE-2022-41082) vulnerability CVE-2022-1040_checker

    GitHub - Diverto/nse-exchange: Nmap scripts to detect exchange 0-day (CVE-2022-41082) vulnerability http-vuln-cve2022-41082.nse

    Yet, we were, and are, patched to the point that these vulnerabilities should not exist. Also the Exchange Health Checker Script should tell me if we're vulnerable, yet it does not. Even the EOMTv2.ps1 script used to make URL rewrite rules to mitigate this attack in the first place now says:

    VERBOSE: Checking if EOMTv2 is up to date with https://aka.ms/EOMTv2-VersionsUri
    VERBOSE: Starting EOMTv2.ps1 version 23.11.21.1852 on MAIL
    VERBOSE: EOMTv2 preCheck complete on MAIL
    NOTICE: CVE-2022-41040 vulnerability has been fixed for the Exchange build running on this computer - mitigation will not be applied.

    So here's the question(s)/assumption: when Microsoft released CU13 and the SUs to fix those CVEs, and we went from CU12 to CU13, wiping away those URL rewrite kludges, was my SOC, and those NMAP scripts, now supposed to be fooled into thinking the Exchange server has this vulnerability?

    Is there an external vulnerability scan I can try, other than what I already have, that I can be sure is telling me the truth?
     
    Ayukii, Apr 23, 2024
    #2
  3. BenHWEX Win User
    Was Follina (CVE-2022-30190) not actually addressed in the June 2022 Security Patch?

    Hello,

    I have an issue with the flow of information when using the MSRC Portal, as the Follina CVE (CVE-2022-30190) is not showing as part of the CVEs addressed in the June 2022 patch, even though it does say that the June 2022 Security Patch fixes the vulnerability.

    Please follow my steps:

    MSRC's Follina CVE page Security Update Guide - Microsoft Security Response Center

    Navigate to the bottom and select the KB Article for Server 2019 (this applies to all other KB Articles, but this is my example)

    https://support.microsoft.com/en-gb...763-3046-62fe56c1-a8c0-40e8-a901-677ab9538bf8

    In this article, follow the link under Improvements -> "June 2022 Security Updates."

    This brings you back to the MSRC page: Security Update Guide - Microsoft Security Response Center

    These release notes DO NOT say that the CVE-2022-30190 was addressed in the June patching...?

    Can someone please help here and confirm if the Follina CVE (CVE-2022-30190) patch was actually applied in the June Patch Tuesday release?
     
    BenHWEX, Apr 23, 2024
    #3