"Microsoft Security Response Center Customer Guidance for Reported Zero-day Vulnerabilities in Microsoft Exchange Server Summary Microsoft is investigating two reported zero-day vulnerabilities affecting Microsoft Exchange Server 2013, 2016, and 2019. The first vulnerability, identified as CVE-2022-41040, is a Server-Side Request Forgery (SSRF) vulnerability, while the second, identified as CVE-2022-41082, allows remote code execution (RCE) when PowerShell is accessible to the to the attacker..." https://msrc-blog.microsoft.com/202...vulnerabilities-in-microsoft-exchange-server/
URGENT! Microsoft Exchange double zero-day - "like ProxyShell, only different" 30 Sep 2022 by Paul Ducklin https://nakedsecurity.sophos.com/2022/09/30/urgent-microsoft-exchange-double-zero-day-like-proxyshell-only-different/ "So far ... it looks as though the most important things to bear in mind are: [a] the tips and techniques you learned for hunting down ProxyShell attacks are almost certainly going to be helpful here, if not the only tools you may need; (b) despite the similarities (and notwithstanding anything you may have seen online), this isn't ProxyShell, so your ProxyShell patches won't protect you from it; and [c] when patches do arrive, assume that they will be reverse engineered back into working exploits very quickly, so don't delay in applying them."
"Microsoft updates guidance for ‘ProxyNotShell’ bugs after researchers get around mitigations Microsoft has updated the guidance it provided for two zero-day vulnerabilities discovered last week affecting Exchange Server software. The original guidance provided for the bugs, which are known colloquially as “ProxyNotShell”, was found to be insufficient in addressing the issues, according to several security researchers who spent the weekend examining it..." https://therecord.media/microsoft-u...ugs-after-researchers-get-around-mitigations/
