Blog

Dec 22, 2022

OWASSRF: There is a new exploit chain dubbed

Posted by in category: cybercrime/malcode

OWASSRF that threat actors are actively exploiting to gain arbitrary code execution through Outlook Web Access (OWA) on vulnerable servers that bypasses ProxyNotShell URL rewrite mitigations.

A recent investigation by CrowdStrike Services found that Microsoft Exchange ProxyNotShell vulnerabilities are probably enabled the common entry vector for several Play ransomware intrusions:

The relevant logs were reviewed by CrowdStrike and no evidence of initial access exploiting CVE-2022–41040 was found.

Comments are closed.