Exchange Server November Security Update: Fix CVE-2022-41040 – CVE-2022-41082

Microsoft has published a Security Update for the Exchange Server vulnerabilities known as ProxyNotShell and announced that it closes the relevant vulnerabilities.

Temporary mitigations and a regex update for the vulnerability were published earlier, which temporarily resolved the relevant vulnerability. For detailed information, see the link:

Microsoft reported that the Exchange Server Security Update released for CVE-2022-41040 and CVE-2022-41082 patches the vulnerabilities.

Exchange Server administrators are advised to install the November patch on their servers.

You can install the relevant patches without first removing the previously applied workaround. In organizations that actively use EEMS, deleting the EEMS rule in IIS will not change anything; the rule will remain active until Microsoft updates the relevant XML.

To manually remove the relevant mitigation, you can use EOMTv2:

.\EOMTv2.ps1 -RollbackMitigation

You can use the links below for the November 2022 Exchange Server SU:

  • Exchange Server 2013 CU23 (Support ends in April 2023.)
  • Exchange Server 2016 CU23
  • Exchange Server 2019 CU12
