CVE-2022-41079: 
vulnerability analysis and mitigation

Microsoft Exchange Server Spoofing Vulnerability (CVE-2022-41079) is a critical security flaw discovered in Microsoft Exchange Server. The vulnerability was initially reported on September 20, 2022, and received a CVSS score of 8.8 (High), indicating its severe nature (ZDI Advisory).

The vulnerability exists within the SerializationTypeConverter class of Microsoft Exchange Server. The specific flaw stems from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. The vulnerability has been assigned a CVSS score of 8.8 with the following vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, indicating network accessibility, low attack complexity, and high impact on confidentiality, integrity, and availability (ZDI Advisory).

When successfully exploited, this vulnerability allows remote attackers to relay NTLM credentials on affected installations of Microsoft Exchange. An attacker can leverage this vulnerability to relay NTLM credentials in the context of SYSTEM, potentially gaining significant control over the affected system (ZDI Advisory).

Microsoft has released a security update to address this vulnerability. The fix was included in the November 8, 2022 security update (KB5019758) for Microsoft Exchange Server 2019, 2016, and 2013 (Microsoft Support).