CVE-2022-41080

Name of the Vulnerable Software and Affected Versions Microsoft Exchange Server (affected versions not specified)

Description The issue is related to insufficient access controls in Microsoft Exchange Server, allowing a remote attacker to elevate their privileges. This vulnerability has been exploited in real-world incidents, such as the attack on the UK electoral commission, where data of approximately 40 million people may have been leaked. The vulnerability was also used in the breach of Rackspace, where the Play ransomware gang gained initial access to the company's email environment using a zero-day exploit.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.