cve-2022-41040 – PossibleThreat Articles

Security Sophos

How to hack an unpatched Exchange server with rogue PowerShell code

November 22, 2022 0 Comments :proxynotshell, 0 day, cve-2022-41040, cve-2022-41082, Microsoft, Uncategorized, vulnerability, zero day

Credit to Author: Paul Ducklin| Date: Tue, 22 Nov 2022 17:54:04 +0000

Review your servers, your patches and your authentication policies – there’s a proof-of-concept out

MalwareBytes Security

Update now! October patch Tuesday fixes actively used zero-day…but not the one you expected

October 12, 2022 0 Comments Adobe, Android, Apple, cve-2022-41033, cve-2022-41040, Exploits and vulnerabilities, fortinet, Google, Microsoft, news, Samsung, sap, vmware, xiaomi, zero day

Categories: Exploits and vulnerabilities

Categories: News

Tags: Microsoft

Tags: Apple

Tags: Google

Tags: Android

Tags: Samsung

Tags: Xiaomi

Tags: Adobe

Tags: SAP

Tags: VMWare

Tags: Fortinet

Tags: CVE-2022-41033

Tags: CVE-2022-41040

Tags: zero-day

No fix for ProxyNotShell

(Read more…)

The post Update now! October patch Tuesday fixes actively used zero-day…but not the one you expected appeared first on Malwarebytes Labs.

MalwareBytes Security

[updated]Two new Exchange Server zero-days in the wild

October 4, 2022 0 Comments cve-2022-41040, cve-2022-41082, exchange, Exploits and vulnerabilities, news, proxyshell, rce, remote powershell, ssrf, web shell

Categories: Exploits and vulnerabilities

Categories: News

Tags: Exchange

Tags: ProxyShell

Tags: remote PowerShell

Tags: web shell

Tags: CVE-2022-41040

Tags: CVE-2022-41082

Tags: SSRF

Tags: RCE

Two ProxyShell-like vulnerabilities are being used to exploit Microsoft Exchange Servers

(Read more…)

The post [updated]Two new Exchange Server zero-days in the wild appeared first on Malwarebytes Labs.

Security Sophos

S3 Ep102.5: “ProxyNotShell” Exchange bugs – an expert speaks [Audio + Text]

October 1, 2022 0 Comments :proxynotshell, chester wisniewski, cve-2022-41040, cve-2022-41042, exchange, Microsoft, Podcast, vulnerability, zero day

Credit to Author: Paul Ducklin| Date: Sat, 01 Oct 2022 14:05:59 +0000

Who’s affected, what you can do while waiting for Microsoft’s patches, and how to plan your threat hunting…

MalwareBytes Security

Two new Exchange Server zero-days in the wild

September 30, 2022 0 Comments cve-2022-41040, cve-2022-41082, exchange, Exploits and vulnerabilities, news, proxyshell, rce, remote powershell, ssrf, web shell

Categories: Exploits and vulnerabilities

Categories: News

Tags: Exchange

Tags: ProxyShell

Tags: remote PowerShell

Tags: web shell

Tags: CVE-2022-41040

Tags: CVE-2022-41082

Tags: SSRF

Tags: RCE

Two ProxyShell-like vulnerabilities are being used to exploit Microsoft Exchange Servers

(Read more…)

The post Two new Exchange Server zero-days in the wild appeared first on Malwarebytes Labs.

Independent Krebs Security

Microsoft: Two New 0-Day Flaws in Exchange Server

September 30, 2022 0 Comments cve-2022-41040, cve-2022-41082, gtsc, Latest Warnings, microsoft exchange server zero-day, steven adair, The Coming Storm, Time to Patch, volexity, zimbra collaboration suite

Credit to Author: BrianKrebs| Date: Fri, 30 Sep 2022 16:51:57 +0000

Microsoft Corp. is investigating reports that attackers are exploiting two previously unknown vulnerabilities in Exchange Server, a technology many organizations rely on to send and receive email. Microsoft says it is expediting work on software patches to plug the security holes. In the meantime, it is urging a subset of Exchange customers to enable a setting that could help mitigate ongoing attacks.

Security Sophos

URGENT! Microsoft Exchange double zero-day – “like ProxyShell, only different”

September 30, 2022 0 Comments cve-2022-41040, cve-2022-41082, exchange, Microsoft, vulnerability, zero day

Credit to Author: Paul Ducklin| Date: Fri, 30 Sep 2022 13:25:11 +0000

Double-play 0-day in Exchange – what you need to know, and what you can do