The MS Exchange exploit chain recently revealed by Crowdstrike researchers is how the Play ransomware gang breached the Rackspace Hosted Exchange email environment, the company confirmed last week.
The exploit chains CVE-2022-41082, a RCE flaw, and CVE-2022-41080, a privilege escalation vulnerability, to achieve unrestricted remote access to vulnerable MS Exchange setups.
“We will be sharing more detailed information with our customers and peers in the security community so that, collectively, we can all better defend against these types of exploits in the future,” Rackspace noted in its final update on the concluded forensic investigation.
