all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

New Microsoft Exchange exploit chain lets ransomware attackers in (CVE-2022-41080)

Add to bookmarks
Dec. 21, 2022, 1:24 p.m. | Zeljka Zorz

Help Net Security www.helpnetsecurity.com

Ransomware-wielding attackers are using a new exploit chain that includes one of the ProxyNotShell vulnerabilities (CVE-2022-41082) to achieve remote code execution on Microsoft Exchange servers. The ProxyNotShell exploit chain used CVE-2022-41040, a SSRF vulnerability in the Autodiscover endpoint of Microsoft Exchange, while this new one uses CVE-2022-41080 to achieve privilege escalation through Outlook Web Access (OWA). The exploit chain – dubbed OWASSRF by Crowdstrike researchers – can only be headed off by implementing the patches … More →


The post …

attackers crowdstrike cve cve-2022-41080 don't miss exchange exploit hot stuff microsoft microsoft exchange poc ransomware

Visit resource

More from www.helpnetsecurity.com / Help Net Security

1Password Extended Access Management secures unmanaged applications and devices 2 hours ago | www.helpnetsecurity.com
1password access access management application +18
New SOHO router malware aims for cloud accounts, internal company resources 4 hours ago | www.helpnetsecurity.com
account accounts actor alibaba +38
Trend Micro expands AI-powered cybersecurity platform 4 hours ago | www.helpnetsecurity.com
adoption advancements ai-powered ai tools +16
HITRUST updates Cyber Threat Adaptive engine to address emerging cyber threats 4 hours ago | www.helpnetsecurity.com
accuracy address advanced ai capabilities +27
Secure Code Warrior SCW Trust Score quantifies the security posture of developer teams 5 hours ago | www.helpnetsecurity.com
benchmark code developer effectively +13
Proofpoint DLP Transform secures data moving to ChatGPT, copilots, and other GenAI tools 5 hours ago | www.helpnetsecurity.com
address businesses cases chatgpt +24
Appdome launches MobileEDR, merging MTD and EDR to protect enterprise mobile apps 5 hours ago | www.helpnetsecurity.com
agentless amp app appdome +27
Confluent enhances Apache Flink with new features for easier AI and broader stream processing 5 hours ago | www.helpnetsecurity.com
ai model apache cloud confluent +18
Nord Security unveils NordStellar, a platform for advanced cyber threat detection and response 6 hours ago | www.helpnetsecurity.com
access accounts advanced and response +38

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Social Engineer For Reverse Engineering Exploit Study

@ Independent study | Remote
View on infosec-jobs.com

Associate Manager, BPT Infrastructure & Ops (Security Engineer)

@ SC Johnson | PHL - Makati
View on infosec-jobs.com

Cybersecurity Analyst - Project Bound

@ NextEra Energy | Jupiter, FL, US, 33478
View on infosec-jobs.com

Lead Cyber Security Operations Center (SOC) Analyst

@ State Street | Quincy, Massachusetts
View on infosec-jobs.com

Junior Information Security Coordinator (Internship)

@ Garrison Technology | London, Waterloo, England, United Kingdom
View on infosec-jobs.com

Sr. Security Engineer

@ ScienceLogic | Reston, VA
View on infosec-jobs.com
View more jobs