Zero Day Initiative - Exploiting Exchange PowerShell After ProxyNotShell: Part 1 - MultiValuedProperty
Briefly

from Zero Day Initiative5 months ago
"CVE-2022-41040 and CVE-2022-41082 allowed any authenticated Exchange user to achieve remote code execution, with ProxyNotShell exploited prior to Microsoft's patch release."
Zero Day Initiativehttps://www.thezdi.com/blog/2024/9/4/exploiting-exchange-powershell-after-proxynotshell-part-1-multivaluedproperty
"The original patch for the path confusion did not resolve the root issue; it merely placed the vulnerability behind authentication, allowing exploitation post-patch."
Zero Day Initiativehttps://www.thezdi.com/blog/2024/9/4/exploiting-exchange-powershell-after-proxynotshell-part-1-multivaluedproperty
Read at Zero Day Initiative
#cybersecurity #vulnerabilities #exchange-server #remote-code-execution #patch-management
[
|
]