all InfoSec news
New Microsoft Exchange exploit chain lets ransomware attackers in (CVE-2022-41080)
Help Net Security www.helpnetsecurity.com
Ransomware-wielding attackers are using a new exploit chain that includes one of the ProxyNotShell vulnerabilities (CVE-2022-41082) to achieve remote code execution on Microsoft Exchange servers. The ProxyNotShell exploit chain used CVE-2022-41040, a SSRF vulnerability in the Autodiscover endpoint of Microsoft Exchange, while this new one uses CVE-2022-41080 to achieve privilege escalation through Outlook Web Access (OWA). The exploit chain – dubbed OWASSRF by Crowdstrike researchers – can only be headed off by implementing the patches … More →
The post …
attackers crowdstrike cve cve-2022-41080 don't miss exchange exploit hot stuff microsoft microsoft exchange poc ransomware