Exchange OWASSRF Exploited for Remote Code Execution

Published: 2022-12-22
Last Updated: 2022-12-22 02:24:21 UTC
by Guy Bruneau (Version: 1)

Rapid7 reports in a post that it has observed Exchange Server 2013, 2016 and 2019 being actively exploited through "a chaining of CVE-2022-41080 and CVE-2022-41082 to bypass URL rewrite mitigations that Microsoft provided for ProxyNotShell allowing for remote code execution (RCE) via privilege escalation via Outlook Web Access (OWA)."[1]

Rapid7 recommends immediately applying the November 2022 KB5019758 update and investigating systems for potential compromise.

Guy Bruneau IPSS Inc.
Twitter: GuyBruneau
gbruneau at isc dot sans dot edu
