[CDP-development] Cybersecurity Awareness Bulletins: Microsoft Zero-Day Guidance and VMWare vSphere Malware Guidance

Masse, Theresa theresa.masse at cisa.dhs.gov
Sat Oct 1 09:40:34 PDT 2022 

FYSA - Please see the attached cybersecurity awareness bulletins.


Distributing these informational bulletins on behalf of the Cybersecurity and Infrastructure Security Agency (CISA):

     *   Microsoft Releases Guidance on Zero-Day Vulnerabilities in Microsoft Exchange Server

        *   CVE-2022-41040 - Server-Side Request Forgery (SSRF) vulnerability
        *   CVE-2022-41082 - Allows remote code execution (RCE) when PowerShell is accessible to the attacker
        *   Mitigations

           *   Microsoft Exchange Online Customers do not need to take any action.
           *   Other customers should consult the attached bulletin linking to Customer Guidance for Reported Zero-day Vulnerabilities in Microsoft Exchange Server

     *   VMWare Releases Guidance for VirtualPITA, VirtualPIE, and VirtualGATE Malware Targeting vSphere


Theresa A. Masse
Cyber Security Advisor, Region 10 (Oregon)
Cybersecurity and Infrastructure Security Agency
Department of Homeland Security
Phone: (503) 930-5671
Email: theresa.masse at cisa.dhs.gov<mailto:theresa.masse at cisa.dhs.gov>

[cid:image001.png at 01D8D579.CA8A9AF0]


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://omls.oregon.gov/pipermail/cdp-development/attachments/20221001/624f78ec/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 16152 bytes
Desc: image001.png
URL: <https://omls.oregon.gov/pipermail/cdp-development/attachments/20221001/624f78ec/attachment-0001.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Microsoft Releases Guidance on Zero-Day Vulnerabilities in Microsoft Exchange Server.pdf
Type: application/pdf
Size: 152994 bytes
Desc: Microsoft Releases Guidance on Zero-Day Vulnerabilities in Microsoft Exchange Server.pdf
URL: <https://omls.oregon.gov/pipermail/cdp-development/attachments/20221001/624f78ec/attachment-0002.pdf>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: VMWare Releases Guidance for VirtualPITA, VirtualPIE, and VirtualGATE Malware Targeting vSphere.pdf
Type: application/pdf
Size: 139296 bytes
Desc: VMWare Releases Guidance for VirtualPITA, VirtualPIE, and VirtualGATE Malware Targeting vSphere.pdf
URL: <https://omls.oregon.gov/pipermail/cdp-development/attachments/20221001/624f78ec/attachment-0003.pdf>

More information about the CDP-development mailing list