Search cyberveille.decio.ch

CVE-2022-41040 and CVE-2022-41082 – zero-days in MS Exchange

At the end of September, GTSC reported the finding of two 0-day vulnerabilities in Microsoft Exchange Server, CVE-2022-41040 and CVE-2022-41082. The cybersecurity community dubbed the pair of vulnerabilities ProxyNotShell.

#securelist #EN #2022 #DLL-hijacking #Malware-Descriptions #Microsoft-Exchange #Trojan #Vulnerabilities-and-exploits #Zero-day #CVE-2022-41040 #CVE-2022-41082 #analysis

·securelist.com·Dec 20, 2022

CVE-2022-41040 and CVE-2022-41082 – zero-days in MS Exchange

At the end of September, GTSC reported the finding of two 0-day vulnerabilities in Microsoft Exchange Server, CVE-2022-41040 and CVE-2022-41082. The cybersecurity community dubbed the pair of vulnerabilities ProxyNotShell.

#securelist #EN #2022 #DLL-hijacking #Malware-Descriptions #Microsoft-Exchange #Trojan #Vulnerabilities-and-exploits #Zero-day #CVE-2022-41040 #CVE-2022-41082 #analysis

·securelist.com·Dec 20, 2022

CVE-2022-41040 and CVE-2022-41082 – zero-days in MS Exchange

Control Your Types or Get Pwned: Remote Code Execution in Exchange PowerShell Backend

By now you have likely already heard about the in-the-wild exploitation of Exchange Server, chaining CVE-2022-41040 and CVE-2022-41082. It was originally submitted to the ZDI program by the researcher known as “DA-0x43-Dx4-DA-Hx2-Tx2-TP-S-Q from GTSC”. After successful validation, it was immediately

#zerodayinitiative #EN #2022 #0-day #CVE-2022-41040 #CVE-2022-41082 #PowerShell

·zerodayinitiative.com·Nov 21, 2022

Control Your Types or Get Pwned: Remote Code Execution in Exchange PowerShell Backend

By now you have likely already heard about the in-the-wild exploitation of Exchange Server, chaining CVE-2022-41040 and CVE-2022-41082. It was originally submitted to the ZDI program by the researcher known as “DA-0x43-Dx4-DA-Hx2-Tx2-TP-S-Q from GTSC”. After successful validation, it was immediately

#zerodayinitiative #EN #2022 #0-day #CVE-2022-41040 #CVE-2022-41082 #PowerShell

·zerodayinitiative.com·Nov 21, 2022

Control Your Types or Get Pwned: Remote Code Execution in Exchange PowerShell Backend

Exploit released for actively abused ProxyNotShell Exchange bug

Proof-of-concept exploit code has been released online for two actively exploited and high-severity vulnerabilities in Microsoft Exchange, collectively known as ProxyNotShell.

#bleepingcomputer #EN #2022 #CVE-2022-41082 #CVE-2022-41040 #Exploit #Microsoft-Exchange #Privilege-Escalation #Proof-of-Concept #ProxyNotShell #RCE #Remote-Code-Execution

·bleepingcomputer.com·Nov 21, 2022

Exploit released for actively abused ProxyNotShell Exchange bug

Proof-of-concept exploit code has been released online for two actively exploited and high-severity vulnerabilities in Microsoft Exchange, collectively known as ProxyNotShell.

#bleepingcomputer #EN #2022 #CVE-2022-41082 #CVE-2022-41040 #Exploit #Microsoft-Exchange #Privilege-Escalation #Proof-of-Concept #ProxyNotShell #RCE #Remote-Code-Execution

·bleepingcomputer.com·Nov 21, 2022

Exploit released for actively abused ProxyNotShell Exchange bug