all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

OWASSRF: New Exploit Method Identified for Exchange Bypassing ProxyNotShell Mitigations

Add to bookmarks
c
Feb. 24, 2023, 8:07 p.m. |

Cloud Security Alliance cloudsecurityalliance.org

Originally published by CrowdStrike. CrowdStrike recently discovered a new exploit method (called OWASSRF) consisting of CVE-2022-41080 and CVE-2022-41082 to achieve remote code execution (RCE) through Outlook Web Access (OWA). The new exploit method bypasses URL rewrite mitigations for the Autodiscover endpoint provided by Microsoft in response to ProxyNotShell.The discovery was part of recent CrowdStrike Services investigations into several Play ransomware intrusions where the common entry ...

access bypassing called code code execution crowdstrike cve cve-2022-41080 cve-2022-41082 discovery endpoint entry exchange exploit investigations microsoft mitigations outlook owa owassrf play play ransomware ransomware rce remote code remote code execution response services url web

Visit resource

More from cloudsecurityalliance.org / Cloud Security Alliance

Cl
The Path to SOC 2 Compliance for Startups 2 days, 11 hours ago | cloudsecurityalliance.org
business can challenges companies +16
Cl
Learn How to Navigate Ransomware Attacks in a Digital World 4 days, 7 hours ago | cloudsecurityalliance.org
attacks businesses computer digital +16
Cl
What are the ISO 9001 Requirements? 1 week, 1 day ago | cloudsecurityalliance.org
certification compliance context evaluation +16
Cl
What is Agile Compliance? | Continuous Monitoring for Enhanced Risk Reduction 1 week, 3 days ago | cloudsecurityalliance.org
agile amp best practices blog +32
Cl
Unlocking Trust in the Digital Age: The Power of Blockchain Technologies 1 week, 3 days ago | cloudsecurityalliance.org
age blockchain business communication +20
Cl
Level Up Your Security Strategy with Cyber Resilience 1 week, 4 days ago | cloudsecurityalliance.org
advisory barr advisory breach can +16
Cl
Mastering Least Privilege: Cutting Unused Access 1 week, 4 days ago | cloudsecurityalliance.org
access attack attack surface breaches +16
Cl
How Cybersecurity and AI Will Influence Global Elections in 2024 1 week, 4 days ago | cloudsecurityalliance.org
advocacy artificial artificial intelligence big +20
Cl
Mastering Secure DevOps with Six Key Strategies 1 week, 5 days ago | cloudsecurityalliance.org
addresses applications attacks breaches +24

Jobs in InfoSec / Cybersecurity

Post a Job Search Talent

CyberSOC Technical Lead

@ Integrity360 | Sandyford, Dublin, Ireland
View on infosec-jobs.com

Cyber Security Strategy Consultant

@ Capco | New York City
View on infosec-jobs.com

Cyber Security Senior Consultant

@ Capco | Chicago, IL
View on infosec-jobs.com

Sr. Product Manager

@ MixMode | Remote, US
View on infosec-jobs.com

Corporate Intern - Information Security (Year Round)

@ Associated Bank | US WI Remote
View on infosec-jobs.com

Senior Offensive Security Engineer

@ CoStar Group | US-DC Washington, DC
View on infosec-jobs.com