One of the two security flaws targeted by ProxyNotShell exploits, CVE-2022-41082 RCE vulnerability, has not been patched on more than 60,000 Microsoft Exchange servers, as a result, they are exposed online.
Another flaw that is in question has been tracked as CVE-2022-41080. A series of targeted attacks were employed by threat actors to exploit the ProxyNotShell zero-day vulnerabilities first disclosed in September.
It has been reported that almost 70,000 Microsoft Exchange servers are at risk of proxyNotShell attacks, in accordance with a recent tweet from security researchers at the Shadowserver Foundation.
As of recent data, 60,865 Exchange servers were detected as vulnerable on January 2nd, and this count is a decreased figure which is fallen from 83,946 in mid-December.
As a collective term, ProxyNotShell is the combination of these two security bugs. Apart from this, it has been found that these flaws affect the Exchange Server:-
The x_owa_version header was the basis for the experts’ assessment. Listed below are the Exchange versions that are vulnerable to these flaws (CVE-2022-41080/CVE-2022-41082):-
^^^ looser match of the first 3 numbers is required
^^^ looser match of the first 3 numbers is required
^^^ looser match of the first 3 numbers is required
Attackers can use this vulnerability to escalate privileges on compromised servers, and they can also end up being able to execute arbitrary code remotely.
During the November 2022 Patch Tuesday, Microsoft released security updates that addressed the flaws in order to resolve them. During the month of September, GreyNoise, a company providing threat intelligence, has been closely monitoring the ongoing exploitation of ProxyNotShell.
As a security precaution, it is recommended that you apply the ProxyNotShell security patches from Microsoft released in November. This will ensure that your Exchange servers remain protected from incoming attacks.
A mitigation plan was also provided by the company, but attackers can circumvent those measures. In short, the only servers that are secure from compromise are those that are fully patched.
A seemingly benign health app, "BMI CalculationVsn," was found on the Amazon App Store, which…
The Lazarus Group has recently employed a sophisticated attack, dubbed "Operation DreamJob," to target employees…
NodeStealer, initially a JavaScript-based malware, has evolved into a more sophisticated Python-based threat that targets…
A new Mirai-based botnet, "Hail Cock Botnet," has been exploiting vulnerable IoT devices, including DigiEver…
A joint Cybersecurity Advisory (CSA) warns of ongoing exploitation attempts by Iranian Islamic Revolutionary Guard…
Cybersecurity threats are increasingly targeting vulnerabilities in publicly exposed assets like VPNs and firewalls, exploited…