Exchange OWASSRF Exploited for Remote Code Execution
Last Updated: 2022-12-22 02:24:21 UTC
by Guy Bruneau (Version: 1)
According to a post by Rapid7, they have observed Exchange Server 2013, 2016 and 2019 being actively exploited through "a chaining of CVE-2022-41080 and CVE-2022-41082 to bypass URL rewrite mitigations that Microsoft provided for ProxyNotShell allowing for remote code execution (RCE) via privilege escalation via Outlook Web Access (OWA)."
They recommend immediately applying the November 2022 KB5019758 update and investigating for potential system compromise.
Guy Bruneau IPSS Inc.
gbruneau at isc dot sans dot edu