CVE-2022-41040 and CVE-2022-41082 ProxyNotShell exploit released online


 Proof-of-concept exploit for CVE-2022-41040 and CVE-2022-41082 Microsoft exchange which is activly exploited,  published online. CVE-2022-41040 and CVE-2022-41082 both bugs affecting Exchange server 2013 , exchange server 2016 and exchange server 2019 known as ProxyNotShell. Microsoft already patch both vulnerability in nov 2022 patch Tuesday .



One week later security researcher Janggggg published POC of both CVE online which is used to backdoor exchange server .

No comments:

Golden dMSA Attack Targets Windows Server 2025: Persistent Cross-Domain Threat

  Golden dMSA : Critical Windows Server 2025 Flaw Enables Cross-Domain Persistence & Enterprise-Wide Exploits A newly uncovered vulnera...