The point: Microsoft releases mitigation measures against an exploited Exchange security vulnerability (CVE-2022-22) that enables XSS attacks on Outlook users. The Exchange Emergency Mitigation Service provides automatic remediation until permanent patches are available.
Microsoft has released measures against a serious Exchange Server vulnerability that is already being exploited by attackers. The security flaw enables threat actors to execute arbitrary code in Outlook on the Web via cross-site scripting.
Classified as CVE-2022-22, the vulnerability is a spoofing weakness affecting current versions of Exchange Server 2016, Exchange Server 2019, and Exchange Server Subscription Edition. While permanent patches are not yet available, Microsoft offers automatic remediation through the Exchange Emergency Mitigation Service (EEMS) for affected servers.

Attackers can exploit the vulnerability through specially crafted emails. If a user opens the email in Outlook Web Access under certain conditions, arbitrary JavaScript code can be executed in the browser context.

Microsoft strongly recommends immediately enabling the EM Service if it is still disabled. This is the fastest and most effective mitigation measure. Important: The EM Service can only check for new mitigations on Exchange servers from March 2024 onwards.

The EEMS service runs automatically on Exchange Mailbox servers and provides protection against active attacks through automatic interim solutions for at-risk security vulnerabilities. For isolated networks, Microsoft provides the Exchange on-premises Mitigation Tool (EOMT).
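As an added example that is not part of the article or Microsoft's own guidance, the following Exchange Management Shell script audits the organization-level and per-server EEMS switches, turns them on where they are off, confirms the mitigation service is running, and lists the mitigations currently applied. It assumes it runs in the Exchange Management Shell on a Mailbox server, that the $exscripts variable points at the Exchange Scripts folder, and that the Windows service is named MSExchangeMitigation.

```powershell
# Added example (not from the article): audit and enable the Exchange Emergency
# Mitigation Service. Assumptions: run in the Exchange Management Shell on a
# Mailbox server; $exscripts resolves to the Exchange Scripts folder; the EM
# Windows service is named MSExchangeMitigation.

# 1. Organization-wide switch: EEMS applies mitigations only when this is $true.
$org = Get-OrganizationConfig
if (-not $org.MitigationsEnabled) {
    Write-Warning "EEMS is disabled at the organization level; enabling it."
    Set-OrganizationConfig -MitigationsEnabled $true
}

# 2. Per-server override: a Mailbox server with MitigationsEnabled = $false
#    ignores new mitigations even when the organization switch is on.
$mailboxServers = Get-ExchangeServer | Where-Object { $_.ServerRole -like '*Mailbox*' }
foreach ($srv in $mailboxServers) {
    if (-not $srv.MitigationsEnabled) {
        Write-Warning "EEMS is disabled on $($srv.Name); enabling it."
        Set-ExchangeServer -Identity $srv.Name -MitigationsEnabled $true
    }
}

# 3. The Windows service must be running for the server to poll for new mitigations.
$svc = Get-Service -Name MSExchangeMitigation -ErrorAction SilentlyContinue
if ($null -eq $svc -or $svc.Status -ne 'Running') {
    Write-Warning "The MSExchangeMitigation service is not running on this host."
}

# 4. Report which mitigations are applied or blocked on this server.
& "$exscripts\Get-Mitigations.ps1"
```

Run it on each Mailbox server in an isolated network after applying EOMT, since servers that cannot reach Microsoft will not receive new mitigations through EEMS.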