all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

OWASSRF: New Exploit Method Identified for Exchange Bypassing ProxyNotShell Mitigations

Add to bookmarks
c
Feb. 24, 2023, 8:07 p.m. |

Cloud Security Alliance cloudsecurityalliance.org

Originally published by CrowdStrike. CrowdStrike recently discovered a new exploit method (called OWASSRF) consisting of CVE-2022-41080 and CVE-2022-41082 to achieve remote code execution (RCE) through Outlook Web Access (OWA). The new exploit method bypasses URL rewrite mitigations for the Autodiscover endpoint provided by Microsoft in response to ProxyNotShell.The discovery was part of recent CrowdStrike Services investigations into several Play ransomware intrusions where the common entry ...

access bypassing called code code execution crowdstrike cve cve-2022-41080 cve-2022-41082 discovery endpoint entry exchange exploit investigations microsoft mitigations outlook owa owassrf play play ransomware ransomware rce remote code remote code execution response services url web

Visit resource

More from cloudsecurityalliance.org / Cloud Security Alliance

Cl
Navigating the Cloud – Beyond “Best Practices” 1 day, 13 hours ago | cloudsecurityalliance.org
architectures best practices beyond businesses +17
Cl
Defining Cloud Key Management: 7 Essential Terms 1 week ago | cloudsecurityalliance.org
access access control breaches cloud +26
Cl
How DSPM Can Help Solve Healthcare Cybersecurity Attacks 1 week ago | cloudsecurityalliance.org
access access controls article attacks +41
Cl
Considerations When Including AI Implementations in Penetration Testing 1 week ago | cloudsecurityalliance.org
application artificial artificial intelligence ask +15
Cl
Five Reasons Why Ransomware Still Reigns 1 week ago | cloudsecurityalliance.org
ben ciso consent cxo +15
Cl
DevSecOps Tools 1 week ago | cloudsecurityalliance.org
code code management development devops +18
Cl
Livin' on the Edge: Linux's Impact on Computing 1 week, 1 day ago | cloudsecurityalliance.org
attitudes automox changing ciso +16
Cl
Your Ultimate Guide to Security Frameworks 1 week, 2 days ago | cloudsecurityalliance.org
breaches build business customers +13
Cl
The Future of Cloud Cybersecurity 1 week, 2 days ago | cloudsecurityalliance.org
businesses ceo cloud cloud computing +15

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Social Engineer For Reverse Engineering Exploit Study

@ Independent study | Remote
View on infosec-jobs.com

Application Security Engineer - Remote Friendly

@ Unit21 | San Francisco,CA; New York City; Remote USA;
View on infosec-jobs.com

Cloud Security Specialist

@ AppsFlyer | Herzliya
View on infosec-jobs.com

Malware Analysis Engineer - Canberra, Australia

@ Apple | Canberra, Australian Capital Territory, Australia
View on infosec-jobs.com

Product CISO

@ Fortinet | Sunnyvale, CA, United States
View on infosec-jobs.com

Manager, Security Engineering

@ Thrive | United States - Remote
View on infosec-jobs.com
View more jobs