Citing foreign media Bleeping Computer reported that Microsoft Exchange burst two high-risk security vulnerabilities ProxyNotShell, there is now evidence that these two vulnerabilities have been used by hackers to launch attacks.
The two vulnerability tracking numbers are CVE-2022-41082 and CVE-2022-41040, and Microsoft Microsoft Exchange Server 2013, 2016, and 2019 are affected. The vulnerability allows an attacker to elevate privileges, run PowerShell on the system, and obtain arbitrary or remote code execution on the compromised server.
Microsoft has fixed both security vulnerabilities in a cumulative update released on Patch Tuesday, November 2022. However, evidence suggests that hackers exploited the ProxyNotShell vulnerability to launch attacks as early as September 2022.
Will Dormann, the senior vulnerability analyst at ANALYGENCE, tested the security update and confirmed that it works for systems with Exchange Server 2016 and 2019, adding that fixing the Exchange Server 2013 code required some tweaking.
These vulnerabilities affect Exchange Servers. Exchange Online customers are already protected from these vulnerabilities,” the Exchange team said after the patch was released.
