CVE-2022-29901 is a vulnerability found in the Microsoft Exchange Server that could allow an attacker to execute arbitrary code with SYSTEM privileges. This vulnerability is caused by improper validation of user-supplied input within the web management interface of the Microsoft Exchange Server. The exploitation of this flaw could enable attackers to gain access to sensitive information, install malware, modify data, and create new accounts with full user rights.
The vulnerability was discovered on April 12, 2022, by researchers from the Qihoo 360 Vulcan team. Microsoft released security updates to address this vulnerability on May 10, 2022, as part of its monthly patch update. It is highly recommended that all users of the affected software apply these patches as soon as possible to prevent exploitation of the vulnerability.
This vulnerability has been rated as critical by both Microsoft and the National Vulnerability Database (NVD) due to the potential for attackers to gain full control of the vulnerable system. Organizations should take immediate action to ensure their systems are protected against this vulnerability by installing the necessary security updates provided by Microsoft.