The security holes, officially tracked as CVE-2022-41040 and CVE-2022-41082, can allow an attacker to remotely execute arbitrary code with elevated privileges.
Researcher Kevin Beaumont named the vulnerabilities ProxyNotShell due to similarities to the Exchange vulnerability dubbed ProxyShell, which has been exploited in the wild for more than a year. It seems that Microsoft’s patches for ProxyShell do not completely remove an attack vector.