Microsoft has reported that it is investigating two zero-day vulnerabilities, CVE-2022-41040 and CVE-2022-41082, affecting Microsoft Exchange Server 2013, 2016, and 2019 instances. Both vulnerabilities require a potential adversary to have authenticated access to the vulnerable Exchange server.

Download the report