Windows 10: Exchange CU13 and latest SU, yet external scans claim CVE-2022-41040 CVE-2022-41082...

Discus and support Exchange CU13 and latest SU, yet external scans claim CVE-2022-41040 CVE-2022-41082... in AntiVirus, Firewalls and System Security to solve the problem; Per Exchange Health Checker version 24.03.12.1700 this is my Exchange version. Build Number: 15.02.1258.032 Exchange IU or Security Hotfix... Discussion in 'AntiVirus, Firewalls and System Security' started by Ayukii, Apr 22, 2024.

  1. AYUKII
    Ayukii Win User

    Exchange CU13 and latest SU, yet external scans claim CVE-2022-41040 CVE-2022-41082...


    Per Exchange Health Checker version 24.03.12.1700 this is my Exchange version. Build Number: 15.02.1258.032 Exchange IU or Security Hotfix Detected:Security Update for Exchange Server 2019 Cumulative Update 13 KB5036402We always run one CU behind the latest, and we pay for external vulnerability scans. So when CU12 went end of life we upgraded to CU13, and then our SOC began telling us that our Microsoft Exchange Server OWA has KB5019758, ProxyNotShell CVE-2022-41040: Server-Side Request Forgery SSRF and CVE-2022-41082: Remote code execution RCE vulnerabilities.So I do my own e

    :)
     
    Ayukii, Apr 22, 2024
    #1
  2. BENHWEX
    BenHWEX Win User

    Was Follina (CVE-2022-30190) not actually addressed in the June 2022 Security Patch?

    Hello,

    I have an issue with the flow of information when using the MSRC Portal, as the Follina CVE (CVE-2022-30190) is not showing as part of the CVE's addressed in the June 2022 patch, even though it does say that the June 2022 Security Patch fixes the Vulnerability.

    Please follow my steps:

    MSRC's Follina CVE page Security Update Guide - Microsoft Security Response Center

    Navigate to the bottom and select the KB Article for Server 2019 (this applies to all other KB Articles, but this is my example)

    https://support.microsoft.com/en-gb...763-3046-62fe56c1-a8c0-40e8-a901-677ab9538bf8

    In this article, follow the link under Improvements -> "June 2022 Security Updates."

    This brings you back to the MSRC page: Security Update Guide - Microsoft Security Response Center

    These release notes DO NOT say that the CVE-2022-30190 was addressed in the June patching...?

    Can someone please help here and confirm if the Follina CVE (CVE-2022-30190) patch was actually applied in the June Patch Tuesday release?
     
    BenHWEX, Apr 22, 2024
    #2
  3. BILL SMITHERS
    Bill Smithers Win User
    Bill Smithers, Apr 22, 2024
    #3
  4. AARONH03
    AaronH03 Win User

    Exchange CU13 and latest SU, yet external scans claim CVE-2022-41040 CVE-2022-41082...

    CVE-2022-30190 workaround for Windows 7

    The guidance for CVE-2022-30190 mentions deleting the MSDT URL Protocol as a workaround for this vulnerability.

    /blog/2022/05/guidance-for-cve-2022-30190-microsoft-support-diagnostic-tool-vulnerability/

    However, the FAQ says "The registry key mentioned in the workaround section will not exist in earlier supported versions of Windows, so the workaround is not required."

    Does this mean there is no workaround for Windows 7 and the only solution is to install the July 2022 security update?
     
    AaronH03, Apr 22, 2024
    #4
Thema:

Exchange CU13 and latest SU, yet external scans claim CVE-2022-41040 CVE-2022-41082...

Loading...

  1. Exchange CU13 and latest SU, yet external scans claim CVE-2022-41040 CVE-2022-41082... - Similar Threads - Exchange CU13 latest

  2. Exchange CU13 and latest SU, yet external scans claim CVE-2022-41040 CVE-2022-41082...

    in Windows 10 Gaming
    Exchange CU13 and latest SU, yet external scans claim CVE-2022-41040 CVE-2022-41082...: Per Exchange Health Checker version 24.03.12.1700 this is my Exchange version. Build Number: 15.02.1258.032 Exchange IU or Security Hotfix Detected:Security Update for Exchange Server 2019 Cumulative Update 13 KB5036402We always run one CU behind the latest, and we pay for...

  3. Exchange CU13 and latest SU, yet external scans claim CVE-2022-41040 CVE-2022-41082...

    in Windows 10 Software and Apps
    Exchange CU13 and latest SU, yet external scans claim CVE-2022-41040 CVE-2022-41082...: Per Exchange Health Checker version 24.03.12.1700 this is my Exchange version. Build Number: 15.02.1258.032 Exchange IU or Security Hotfix Detected:Security Update for Exchange Server 2019 Cumulative Update 13 KB5036402We always run one CU behind the latest, and we pay for...

  4. blacklotus CVE-2022-21894

    in Windows 10 Gaming
    blacklotus CVE-2022-21894: What's the latest news on the Blacklotus vulnerability?as CVE-2022-21894I'm becoming paranoid just booting up. The NSA has issued mitigation remedy but also issues a strongly worded caution.... Such as if you don't know what you're doing don't try it because it's difficult....

  5. blacklotus CVE-2022-21894

    in Windows 10 Software and Apps
    blacklotus CVE-2022-21894: What's the latest news on the Blacklotus vulnerability?as CVE-2022-21894I'm becoming paranoid just booting up. The NSA has issued mitigation remedy but also issues a strongly worded caution.... Such as if you don't know what you're doing don't try it because it's difficult....

  6. blacklotus CVE-2022-21894

    in AntiVirus, Firewalls and System Security
    blacklotus CVE-2022-21894: What's the latest news on the Blacklotus vulnerability?as CVE-2022-21894I'm becoming paranoid just booting up. The NSA has issued mitigation remedy but also issues a strongly worded caution.... Such as if you don't know what you're doing don't try it because it's difficult....

  7. blacklocust CVE-2022-21894

    in Windows 10 Gaming
    blacklocust CVE-2022-21894: What's the latest news on the Blacklocust vulnerability?as CVE-2022-21894 https://answers.microsoft.com/en-us/windows/forum/all/blacklocust-cve-2022-21894/2d0c56b3-5ba4-43de-853c-0c1cd02adbaa

  8. CVE-2022-30190 workaround for Windows 7

    in Windows 10 Gaming
    CVE-2022-30190 workaround for Windows 7: The guidance for CVE-2022-30190 mentions deleting the MSDT URL Protocol as a workaround for this vulnerability. https://msrc-blog.microsoft.com/2022/05/30/guidance-for-cve-2022-30190-microsoft-support-diagnostic-tool-vulnerability/However, the FAQ says "The registry key...

  9. CVE-2022-30190 workaround for Windows 7

    in Windows 10 Software and Apps
    CVE-2022-30190 workaround for Windows 7: The guidance for CVE-2022-30190 mentions deleting the MSDT URL Protocol as a workaround for this vulnerability. https://msrc-blog.microsoft.com/2022/05/30/guidance-for-cve-2022-30190-microsoft-support-diagnostic-tool-vulnerability/However, the FAQ says "The registry key...

  10. Was Follina CVE-2022-30190 not actually addressed in the June 2022 Security Patch?

    in Windows 10 Software and Apps
    Was Follina CVE-2022-30190 not actually addressed in the June 2022 Security Patch?: Hello, I have an issue with the flow of information when using the MSRC Portal, as the Follina CVE CVE-2022-30190 is not showing as part of the CVE's addressed in the June 2022 patch, even though it does say that the June 2022 Security Patch fixes the Vulnerability. Please...