Two new security flaws have been added by the Cybersecurity and Infrastructure Security Agency (CISA) to its list of exploited issues as of today. The first flaw affects Microsoft Exchange and is identified as CVE-2022-41080. It can be combined with the ProxyNotShell flaw (CVE-2022-41082) to allow remote code execution.
The Play ransomware group used it as a zero-day attack to get around Microsoft’s ProxyNotShell URL rewrite mitigations and raise permissions on infected Exchange servers, according to confirmation from Texas-based cloud computing company Rackspace a week ago.