CVE-2022-41082: Microsoft Exchange Server Remote Code Execution
Microsoft Exchange Server contains an unspecified vulnerability that allows for authenticated remote code execution. Dubbed "ProxyNotShell," this vulnerability is chainable with CVE-2022-41040, which allows for the remote code execution.
- CISA KEV-listed (remediation due 2022-10-21)
- used in ransomware campaigns
- EPSS 90.8% (99.6th percentile)
Detection rules
- Potential OWASSRF Exploitation Attempt - Proxy (severity: high)
- Potential OWASSRF Exploitation Attempt - Webserver (severity: high)
- OWASSRF Exploitation Attempt Using Public POC - Webserver (severity: critical)
- OWASSRF Exploitation Attempt Using Public POC - Proxy (severity: critical)
- Suspicious ASPX File Drop by Exchange (severity: high)
- Suspicious File Drop by Exchange (severity: medium)
- Chopper Webshell Process Pattern (severity: high)