Dec 22, 2022
OWASSRF: There is a new exploit chain dubbed
Posted by Omuterema Akhahenda in category: cybercrime/malcode
OWASSRF that threat actors are actively exploiting to gain arbitrary code execution through Outlook Web Access (OWA) on vulnerable servers that bypasses ProxyNotShell URL rewrite mitigations.
A recent investigation by CrowdStrike Services found that Microsoft Exchange ProxyNotShell vulnerabilities are probably enabled the common entry vector for several Play ransomware intrusions:
The relevant logs were reviewed by CrowdStrike and no evidence of initial access exploiting CVE-2022–41040 was found.