all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Microsoft Exchange ProxyNotShell Remote Code Execution

Add to bookmarks
Nov. 30, 2022, 8:52 p.m. |

Packet Storm packetstormsecurity.com

This Metasploit module chains two vulnerabilities on Microsoft Exchange Server that, when combined, allow an authenticated attacker to interact with the Exchange Powershell backend (CVE-2022-41040), where a deserialization flaw can be leveraged to obtain code execution (CVE-2022-41082). This exploit only supports Exchange Server 2019. These vulnerabilities were patched in November 2022.

code code execution exchange microsoft microsoft exchange remote code execution

Visit resource

More from packetstormsecurity.com / Packet Storm

Apache Solr Backup/Restore API Remote Code Execution 17 hours ago | packetstormsecurity.com
11.2 apache apache solr api +17
Ubuntu Security Notice USN-6748-1 17 hours ago | packetstormsecurity.com
attack attacker cross-site issue +9
Ubuntu Security Notice USN-6747-1 17 hours ago | packetstormsecurity.com
arbitrary code attacker code denial of service +16
Ubuntu Security Notice USN-6742-2 17 hours ago | packetstormsecurity.com
attacker authentication bluetooth connections +11
Relate Learning And Teaching System SSTI / Remote Code Execution 18 hours ago | packetstormsecurity.com
batch code code execution exam +13
Nginx 1.25.5 Host Header Validation 18 hours ago | packetstormsecurity.com
bug header host malice +2
Red Hat Security Advisory 2024-2033-03 18 hours ago | packetstormsecurity.com
advisory enterprise libreswan linux +5
Red Hat Security Advisory 2024-2011-03 18 hours ago | packetstormsecurity.com
advisory buffer buffer overflow buffer overflow vulnerability +12
Red Hat Security Advisory 2024-2010-03 18 hours ago | packetstormsecurity.com
advisory components crlf injection denial of service +19

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Information Systems Security Officer (ISSO) (Remote within HR Virginia area)

@ OneZero Solutions | Portsmouth, VA, USA
View on infosec-jobs.com

Security Analyst

@ UNDP | Tripoli (LBY), Libya
View on infosec-jobs.com

Senior Incident Response Consultant

@ Google | United Kingdom
View on infosec-jobs.com

Product Manager II, Threat Intelligence, Google Cloud

@ Google | Austin, TX, USA; Reston, VA, USA
View on infosec-jobs.com

Cloud Security Analyst

@ Cloud Peritus | Bengaluru, India
View on infosec-jobs.com
View more jobs