ProxyNotShell Exchange RCE chained with SSRF (CVE-2022-41040). Apply October 2022 Exchange patches and enable Extended Protection for Authentication. Monitor for webshell activity in Exchange IIS logs.
Microsoft Exchange Server Remote Code Execution Vulnerability allowing an authenticated attacker to trigger malicious code in the context of the server account via a network call.
Exploit-DB.ai delivers real-time AI-triaged zero-day alerts directly to your inbox.
Activate Supernova →