Microsoft Exchange ProxyNotShell Remote Code Execution
This Metasploit module chains two vulnerabilities on Microsoft Exchange
Server that, when combined, allow an authenticated attacker to interact
with the Exchange Powershell backend (CVE-2022-41040), where a
deserialization flaw can be leveraged to obtain code execution (CVE-2022-41082). This exploit only supports Exchange Server 2019. These vulnerabilities were patched in November 2022.
https://packetstormsecurity.com/files/170066/exchange_proxynotshell_rce.rb.txt
Wed, 30 Nov 2022 20:52:52 GMT
________________________________
--- The information is for inforamtional purposes only.
* Origin: Read us with
http://winpoint.org JID:
rs@captflint.com