Two Weeks of Monitoring ProxyNotShell (CVE-2022-41040 & CVE-2022-41082) Threat Activity
The Wordfence Threat Intelligence team has been monitoring exploit attempts targeting two zero-day vulnerabilities in Microsoft Exchange Server tracked as CVE-2022-41040 and CVE-2022-41082, collectively known as ProxyNotShell. These vulnerabilities are actively being exploited in the wild. At the...
Did Patch Tuesday address the zero-day flaw in Microsoft Exchange
Summary: Microsoft addresses two new zero-day vulnerabilities tracked under CVE-2022-41033, an Elevation of Privilege vulnerability exploited in the wild. CVE-2022-41043 is an Information Disclosure...
Microsoft Patch Tuesday Fixes New Windows Zero-Day; No Patch for Exchange Server Bugs
Microsoft's Patch Tuesday update for the month of October has addressed a total of 85 security vulnerabilities, including fixes for an actively exploited zero-day flaw in the wild. Of the 85 bugs, 15 are rated Critical, 69 are rated Important, and one is rated Moderate in severity. The update,...
October 2022 Patch Tuesday | Microsoft Releases 84 Vulnerabilities with 13 Critical, plus 12 Microsoft Edge (Chromium-Based); Adobe Releases 4 Advisories, 29 Vulnerabilities with 17 Critical.
Microsoft Patch Tuesday Summary: Microsoft has fixed 84 vulnerabilities (aka flaws) in the October 2022 update, including 13 vulnerabilities classified as Critical as they allow Elevation of Privilege (EoP), Remote Code Execution (RCE), and Spoofing. This month's Patch Tuesday fixes two (2) zero-day...
Microsoft Issues Improved Mitigations for Unpatched Exchange Server Vulnerabilities
Microsoft on Friday disclosed it has made more improvements to the mitigation method offered as a means to prevent exploitation attempts against the newly disclosed unpatched security flaws in Exchange Server. To that end, the tech giant has revised the blocking rule in IIS Manager from...
Mitigation for Exchange Zero-Days Bypassed! Microsoft Issues New Workarounds
Microsoft has revised its mitigation measures for the newly disclosed and actively exploited zero-day flaws in Exchange Server after it was found that they could be trivially bypassed. The two vulnerabilities, tracked as CVE-2022-41040 and CVE-2022-41082, have been codenamed ProxyNotShell due to...
Microsoft Exchange Server October 2022 Zero-day Vulnerabilities (ProxyNotShell)
The Microsoft Exchange Server installed on the remote host is potentially affected by multiple zero-day vulnerabilities, dubbed ProxyNotShell: - An unspecified authenticated server-side request forgery (SSRF) vulnerability. (CVE-2022-41040) - An unspecified authenticated remote code execution (RCE)...
ProxyNotShell – the New Proxy Hell?
Nicknamed ProxyNotShell, a new exploit used in the wild takes advantage of the recently published Microsoft Server-Side Request Forgery (SSRF) vulnerability CVE-2022-41040 and a second vulnerability, CVE-2022-41082, that allows Remote Code Execution (RCE) when PowerShell is available to unidentified...
CVE-2022-41082
Microsoft Exchange Server Remote Code Execution Vulnerability Recent assessments: zeroSteiner at January 10, 2023 2:58pm UTC reported: CVE-2022-41082, also known as ProxyNotShell is an authenticated RCE in Microsoft Exchange. ProxyNotShell actually combines CVE-2022-41082 and CVE-2022-41040 for t...
State-Sponsored Hackers Likely Exploited MS Exchange 0-Days Against ~10 Organizations
Microsoft on Friday disclosed that a single activity group in August 2022 achieved initial access and breached Exchange servers by chaining the two newly disclosed zero-day flaws in a limited set of attacks aimed at less than 10 organizations globally. "These attacks installed the Chopper web she...
Qualys Response to ProxyNotShell Microsoft Exchange Server Zero-Day Threat Using Qualys Cloud Platform
On September 29, 2022, active attacks against Microsoft Exchange were reported by Vietnamese cybersecurity company GTSC. The researcher at GTSC reported two critical vulnerabilities now named “ProxyNotShell” in Microsoft Exchange Server via two advisories issued by Zero Day Initiative:...
Threat Advisory: Microsoft warns of actively exploited vulnerabilities in Exchange Server
Cisco Talos has released new coverage to detect and prevent the exploitation of two recently disclosed vulnerabilities collectively referred to as "ProxyNotShell," affecting Microsoft Exchange Servers 2013, 2016 and 2019. One of these vulnerabilities could allow an attacker to execute remote code...
Microsoft Exchange Server Remote Code Execution Vulnerability
Microsoft Exchange Server contains an unspecified vulnerability that allows for authenticated remote code execution. Dubbed "ProxyNotShell," this vulnerability is chainable with CVE-2022-41040 which allows for the remote code execution...
Microsoft Exchange Server Server-Side Request Forgery Vulnerability
Microsoft Exchange Server allows for server-side request forgery. Dubbed "ProxyNotShell," this vulnerability is chainable with CVE-2022-41082 which allows for remote code execution...
VulnCheck KEV: CVE-2022-41082
Microsoft Exchange Server contains an unspecified vulnerability that allows for authenticated remote code execution. Dubbed "ProxyNotShell," this vulnerability is chainable with CVE-2022-41040 which allows for the remote code execution...