Exploit released for actively abused ProxyNotShell Exchange bug

18-Nov-22

Two highly severe and actively exploited Microsoft Exchange flaws collectively known as ProxyNotShell have online proof-of-concept exploit code available. One week after Microsoft provided security fixes for ProxyNotShell, security expert Janggggg published the proof-of-concept (PoC) exploit that attackers have been using to backdoor Exchange servers in the wild.

The CVE-2022-41082 and CVE-2022-41040 flaws, which affect Microsoft Exchange Server 2013, 2016, and 2019, allow attackers to elevate privileges to run PowerShell in the context of the system and obtain arbitrary or remote code execution on vulnerable systems.

Read More…