Code Defence Cyber security

Weekend Alert: Critical Exchange Zero-Day (CVE-2026-2100) Exploited in Wild

Summary: In a “Friday the 13th” scenario, Microsoft has confirmed a critical, unauthenticated Remote Code Execution (RCE) vulnerability in Exchange Server 2025 and 2022. Dubbed “ProxyVoid,” the flaw allows attackers to bypass authentication and execute PowerShell commands as SYSTEM. Active exploitation has been detected against law enforcement and legal firms in the EMEA region.

Business Impact: Critical Emergency. This is a “drop everything” event. If you run on-premises Exchange, your email infrastructure is currently open to full takeover. Attackers are using this to deploy ransomware and exfiltrate entire mailboxes before the weekend begins.

Why It Happened: A deserialization flaw in the Client Access Service (CAS) was discovered by threat actors before Microsoft could release the scheduled Tuesday patch.

Recommended Executive Action (immediate mitigation): Apply the “One-Click Mitigation Tool” released by Microsoft 2 hours ago. If patching is not possible tonight, block external access to ECP/OWA (port 443) at the firewall immediately.
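Verifying the firewall block: the script below is an added example, not part of the original alert or any Microsoft tooling. It scans an IIS W3C log for ECP/OWA requests that still arrive from outside the internal network after the block is in place. The sample log lines, the internal ranges and the function names are constructed assumptions; if Exchange sits behind a reverse proxy or load balancer, c-ip holds the proxy address and the forwarded-client field must be logged and checked instead.

```python
import ipaddress

# Constructed sample in IIS W3C extended log format (not real traffic).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status
2026-01-01 18:02:11 10.0.0.5 GET /owa/auth/logon.aspx - 443 - 10.0.4.22 Mozilla/5.0 200
2026-01-01 18:05:40 10.0.0.5 POST /ecp/default.aspx - 443 - 203.0.113.50 Mozilla/5.0 302
2026-01-01 18:06:02 10.0.0.5 GET /OWA/ - 443 - 198.51.100.7 curl/8.0 200
2026-01-01 18:07:19 10.0.0.5 POST /Microsoft-Server-ActiveSync/default.eas - 443 - 203.0.113.50 Apple-iPhone 200
"""

# Assumption: these ranges are "internal"; replace them with your own networks.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
BLOCKED_PATHS = ("/owa", "/ecp")  # the two virtual directories named in the alert


def is_blocked_path(path):
    # IIS paths are case-insensitive; match the directory itself or anything under it.
    path = path.lower()
    return any(path == p or path.startswith(p + "/") for p in BLOCKED_PATHS)


def external_hits(log_text):
    """Return (date, time, client_ip, method, path, status) for every ECP/OWA
    request whose client address is outside INTERNAL_NETS."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]   # column order can change mid-file
            continue
        if not line.strip() or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        if not is_blocked_path(row.get("cs-uri-stem", "")):
            continue
        try:
            ip = ipaddress.ip_address(row.get("c-ip", ""))
        except ValueError:
            continue                    # malformed or missing client address
        if any(ip in net for net in INTERNAL_NETS):
            continue                    # IPv6 clients never match, so count as external
        hits.append((row.get("date"), row.get("time"), str(ip),
                     row.get("cs-method"), row["cs-uri-stem"], row.get("sc-status")))
    return hits


if __name__ == "__main__":
    for hit in external_hits(SAMPLE_LOG):
        print("external request reached IIS:", *hit)
```

Any row returned with a timestamp later than the firewall change means the block is not effective on that path, whatever the HTTP status.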

Hashtags: #Exchange #ZeroDay #ProxyVoid #RCE #FridayThe13th #EmergencyPatch
