You are here

Microsoft Exchange RCE/SSRF Vulnerability

CVE-2022-41040, CVE-2022-41082
exchange, ssrf, rce

Microsoft is investigating two reported zero-day vulnerabilities affecting Microsoft Exchange Server 2013, Exchange Server 2016, and Exchange Server 2019. The first one, identified as CVE-2022-41040, is a Server-Side Request Forgery (SSRF) vulnerability, and the second one, identified as CVE-2022-41082, allows Remote Code Execution (RCE) when PowerShell is accessible to the attacker [1].

Airlock Gateway may block certain attack payloads but does not prevent exploitation of the vulnerabilities in general.


We recommend applying patches from Microsoft to fix the root cause as soon as available.

Microsoft published a workaround to prevent exploitation of the vulnerability (see [1]). Alternatively, you can configure the following Deny Rule on Airlock Gateway as a virtual patch to prevent exploitation:

Pattern type: Path
Case-sensitivity: NO (default)
Invert: OFF (default)
Multiple single line Regex: ON (default)


Note: The pattern is more "aggressive" than similar patterns communicated by Microsoft [1] due to the newest known evasion techniques. We do not expect false positive blocks.

Enable the Deny Rule on the Exchange Autodiscover mappings.

Airlock Vulnerability Status: 
Does not affect Airlock
Back-end Vulnerability Status: 
Back-ends may be vulnerable, see resolution