Top
image credit: Adobe Stock

Mitigation for ProxyNotShell Exchange Vulnerabilities Easily Bypassed

October 4, 2022

The security holes, officially tracked as CVE-2022-41040 and CVE-2022-41082, can allow an attacker to remotely execute arbitrary code with elevated privileges.

Researcher Kevin Beaumont named the vulnerabilities ProxyNotShell due to similarities to the Exchange vulnerability dubbed ProxyShell, which has been exploited in the wild for more than a year. It seems that Microsoft’s patches for ProxyShell do not completely remove an attack vector.

Read More on Security Week