OWASSRF that threat actors are actively exploiting to gain arbitrary code execution through Outlook Web Access (OWA) on vulnerable servers that bypasses ProxyNotShell URL rewrite mitigations.
A recent investigation by CrowdStrike Services found that Microsoft Exchange ProxyNotShell vulnerabilities are probably enabled the common entry vector for several Play ransomware intrusions:
The relevant logs were reviewed by CrowdStrike and no evidence of initial access exploiting CVE-2022–41040 was found.
Comments are closed.