ProxyNotShell is the collective identifier for a pair of high-severity 0-day vulnerabilities (CVE-2022-41082 and CVE-2022-41040) in Microsoft Exchange that are actively being exploited in the wild. These vulnerabilities can be used to achieve Remote Code Execution (RCE) on Exchange servers. Using both vulnerabilities, attackers have been able to infect systems with the China Chopper malware and pivot onto additional Exchange servers.
Microsoft previously released guidance aimed at mitigating the vulnerabilities, but security researchers responded quickly with methods a threat actor could use to bypass these mitigations, requiring Microsoft to update its mitigation guidance multiple times.
Microsoft released the patches for ProxyNotShell on Tuesday, November 8th, 2022. Given the high severity of these vulnerabilities, it is strongly recommended to update all Microsoft Exchange servers as soon as possible.