31 matches found
Ransomware Hackers Using New Way to Bypass MS Exchange ProxyNotShell Mitigations
Threat actors affiliated with a ransomware strain known as Play are leveraging a never-before-seen exploit chain that bypasses blocking rules for ProxyNotShell flaws in Microsoft Exchange Server to achieve remote code execution RCE through Outlook Web Access OWA. "The new exploit method bypasses...
Microsoft Exchange ProxyNotShell RCE
This module chains two vulnerabilities on Microsoft Exchange Server that, when combined, allow an authenticated attacker to interact with the Exchange Powershell backend CVE-2022-41040, where a deserialization flaw can be leveraged to obtain code execution CVE-2022-41082. This exploit only suppor...
Microsoft Exchange ProxyNotShell Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Microsoft Exchange ProxyNotShell RCE', 'Description' = %q This module chains two vulnerabilities on Microsoft Exchange Server that, when combined...
The Bug Report October 2022 Edition
The Bug Report — October 2022 Edition By Trellix · November 2, 2022 This story was written by Richard Johnson. Do ROP exploits count as jmp scares? Why am I here? Welcome back to the Bug Report: Spooky Edition, and we’ve got bugs crawling out of the walls! Of all the months we do this, we’ve foun...
Exploit for Server-Side Request Forgery in Microsoft
CVE-2022-41040-metasploit-ProxyNotShell the metasploit script...
Two Weeks of Monitoring ProxyNotShell (CVE-2022-41040 & CVE-2022-41082) Threat Activity
The Wordfence Threat Intelligence team has been monitoring exploit attempts targeting two zero-day vulnerabilities in Microsoft Exchange Server tracked as CVE-2022-41040 and CVE-2022-41082, collectively known as ProxyNotShell. These vulnerabilities are actively being exploited in the wild. At the...
Exploit for Server-Side Request Forgery in Microsoft
CVE-2022-41040 Microsoft Exchange vulnerable to server-side...
Patch Tuesday - October 2022
The October batch of CVEs published by Microsoft includes 96 vulnerabilities, including 12 fixed earlier this month that affect the Chromium project used by their Edge browser. Top of mind for many this month is whether Microsoft would patch the two Exchange Server zero-day vulnerabilities...
Exploit for Server-Side Request Forgery in Microsoft
CVE-2022-41040-POC CVE-2022-41040 - Server Side Request Forger...
Microsoft Issues Improved Mitigations for Unpatched Exchange Server Vulnerabilities
Microsoft on Friday disclosed it has made more improvements to the mitigation method offered as a means to prevent exploitation attempts against the newly disclosed unpatched security flaws in Exchange Server. To that end, the tech giant has revised the blocking rule in IIS Manager from...
Microsoft Exchange Server October 2022 Zero-day Vulnerabilities (ProxyNotShell)
The Microsoft Exchange Server installed on the remote host is potentially affected by multiple zero-day vulnerabilities, dubbed ProxyNotShell: - An unspecified authenticated server-side request forgery SSRF vulnerability. CVE-2022-41040 - An unspecified authenticated remote code execution RCE...
Akamai’s Response to Zero-Day Vulnerabilities in Microsoft Exchange Server (CVE-2022-41040 and CVE-2022-41082)
Akamai Security Research has released web application firewall protections for Microsoft Exchange CVE-2022-41040 and CVE-2022-41082...
PT-2022-14862 · Undefined · Undefined
ParsedReport 01-10-2022 Analyzing attacks using the Exchange vulnerabilities CVE-2022-41040 and CVE-2022-41082 https://www.microsoft.com/security/blog/2022/09/30/analyzing-attacks-using-the-exchange-vulnerabilities-cve-2022-41040-and-cve-2022-41082 Threats: Chinachopper Backdoor:win32/rewritehttp...
CVE-2022-41040 Microsoft Exchange Server Elevation of Privilege Vulnerability
...
Potential exposure to Microsoft Exchange CVE-2022-41040 / CVE-2022-41082 Exploit
Binary data exchangecve-2022-41040ioc.nbin...
CVE-2022-41040 Microsoft Exchange Server Elevation of Privilege Vulnerability
...
CVE-2022-41040
CVE-2022-41040 is an Exchange Server SSRF vulnerability used to escalate privileges, often paired with CVE-2022-41082 for remote code execution (RCE). The vulnerability chain affects on‑premise Exchange Server deployments via the Autodiscover service, enabling an authenticated attacker to trigger...
CVE-2022-41040
Microsoft Exchange Server Elevation of Privilege Vulnerability Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...
Microsoft Exchange vulnerable to server-side request forgery and remote code execution.
Overview Microsoft Exchange Server 2019, Exchange Server 2016 and Exchange Server 2013 are vulnerable to a server-side request forgery SSRF attack and remote code execution. An authenticated attacker can use the combination of these two vulnerabilities to elevate privileges and execute arbitrary...
Acronis: mail.acronis.com is vulnerable to zero day vulnerability CVE-2022-41040
Hello Acronis team, Please run curl -ksL -m5 -o /dev/null -I -w "%httpcode" "https://mail.acronis.com/autodiscover/autodiscover.json?Email=autodiscover/[email protected]&Protocol=ActiveSync" curl -ksL -m5...