cve-2022-41082 – PossibleThreat Articles

How to hack an unpatched Exchange server with rogue PowerShell code

November 22, 2022 0 Comments :proxynotshell, 0 day, cve-2022-41040, cve-2022-41082, Microsoft, Uncategorized, vulnerability, zero day

Credit to Author: Paul Ducklin| Date: Tue, 22 Nov 2022 17:54:04 +0000

Review your servers, your patches and your authentication policies – there’s a proof-of-concept out

Independent Krebs Security

Patch Tuesday, November 2022 Election Edition

November 8, 2022 0 Comments askwoody, cve-2022-41073, cve-2022-41080, cve-2022-41082, cve-2022-41091, cve-2022-41125, cve-2022-41128, immersive labs, kevin breen, Microsoft, microsoft patch tuesday november 2022, sans internet storm center, satnam narang, tenable, Time to Patch, Windows, windows print spooler

Credit to Author: BrianKrebs| Date: Wed, 09 Nov 2022 01:50:14 +0000

Let’s face it: Having “2022 election” in the headline above is probably the only reason anyone might read this story today. Still, while most of us here in the United States are anxiously awaiting the results of how well we’ve patched our Democracy, it seems fitting that Microsoft Corp. today released gobs of security patches for its ubiquitous Windows operating systems. November’s patch batch includes fixes for a whopping six zero-day security vulnerabilities that miscreants and malware are already exploiting in the wild.

MalwareBytes Security

[updated]Two new Exchange Server zero-days in the wild

October 4, 2022 0 Comments cve-2022-41040, cve-2022-41082, exchange, Exploits and vulnerabilities, news, proxyshell, rce, remote powershell, ssrf, web shell

Categories: Exploits and vulnerabilities

Categories: News

Tags: Exchange

Tags: ProxyShell

Tags: remote PowerShell

Tags: web shell

Tags: CVE-2022-41040

Tags: CVE-2022-41082

Tags: SSRF

Tags: RCE

Two ProxyShell-like vulnerabilities are being used to exploit Microsoft Exchange Servers

MalwareBytes Security

Two new Exchange Server zero-days in the wild

September 30, 2022 0 Comments cve-2022-41040, cve-2022-41082, exchange, Exploits and vulnerabilities, news, proxyshell, rce, remote powershell, ssrf, web shell

Categories: Exploits and vulnerabilities

Categories: News

Tags: Exchange

Tags: ProxyShell

Tags: remote PowerShell

Tags: web shell

Tags: CVE-2022-41040

Tags: CVE-2022-41082

Tags: SSRF

Tags: RCE

Two ProxyShell-like vulnerabilities are being used to exploit Microsoft Exchange Servers

(Read more…)

The post Two new Exchange Server zero-days in the wild appeared first on Malwarebytes Labs.

Independent Krebs Security

Microsoft: Two New 0-Day Flaws in Exchange Server

September 30, 2022 0 Comments cve-2022-41040, cve-2022-41082, gtsc, Latest Warnings, microsoft exchange server zero-day, steven adair, The Coming Storm, Time to Patch, volexity, zimbra collaboration suite

Credit to Author: BrianKrebs| Date: Fri, 30 Sep 2022 16:51:57 +0000

Microsoft Corp. is investigating reports that attackers are exploiting two previously unknown vulnerabilities in Exchange Server, a technology many organizations rely on to send and receive email. Microsoft says it is expediting work on software patches to plug the security holes. In the meantime, it is urging a subset of Exchange customers to enable a setting that could help mitigate ongoing attacks.

Security Sophos

URGENT! Microsoft Exchange double zero-day – “like ProxyShell, only different”

September 30, 2022 0 Comments cve-2022-41040, cve-2022-41082, exchange, Microsoft, vulnerability, zero day

Credit to Author: Paul Ducklin| Date: Fri, 30 Sep 2022 13:25:11 +0000

Double-play 0-day in Exchange – what you need to know, and what you can do