Forum Discussion

Product Team

3 years ago

Tenable Research Update On ProxyNotShell (CVE-2022-41040,...

Tenable Research Update On ProxyNotShell (CVE-2022-41040, CVE-2022-41082) Update 10/6: A new plugin has been released. Read below for more details. As new information and research into the two zero...

Cyber Exposure Alerts

infraeng

Connect Contributor

3 years ago

Our Exchange severs utilise the Exchange Emergency Mitigation Service, so have already had a fix as per the blog post mentioned here: https://msrc-blog.microsoft.com/2022/09/29/customer-guidance-for-reported-zero-day-vulnerabilities-in-microsoft-exchange-server/

Having run Nessus scans over the weekend, it is reporting that our servers are still vulnerable to CVE-2022-41040, CVE-2022-41082.

Is this correct based on us having the fixes in place as per Microsoft's article?

scaveza
Product Team
3 years ago
Hi Dean,
I've confirmed with the plugins team that Plugin ID 165705 will flag Exchange servers based on the version information reported. The plugin does not check systems for the presence of Microsoft's suggested mitigations.

Forum Discussion

Tenable Research Update On ProxyNotShell (CVE-2022-41040,...

Recent Discussions

Microsoft’s September 2025 Patch Tuesday Addresses 80 CVEs (CVE-2025-55234)

Frequently Asked Questions About Chinese State-Sponsored Actors Compromising Global Networks

CVE-2025-7775: Citrix NetScaler ADC and Gateway Zero-Day RCE Vulnerability Exploited in the Wild

CVE-2025-25256: Proof of Concept Released for Fortinet FortiSIEM Command Injection Vulnerability

Microsoft’s August 2025 Patch Tuesday Addresses 107 CVEs (CVE-2025-53779)

Americas

Europe

Asia / Australia