Ransomware-wielding attackers are using a new exploit chain that includes one of the ProxyNotShell vulnerabilities (CVE-2022-41082) to achieve remote code execution on Microsoft Exchange servers. The ProxyNotShell exploit chain used CVE-2022-41040, a SSRF vulnerability in the Autodiscover endpoint of Microsoft Exchange, while this new one uses CVE-2022-41080 to achieve privilege escalation through Outlook Web Access (OWA). The exploit chain – dubbed OWASSRF by Crowdstrike researchers – can only be headed off by implementing the patches … More
The post New Microsoft Exchange exploit chain lets ransomware attackers in (CVE-2022-41080) appeared first on Help Net Security.