"Over 60,000 Exchange Servers Vulnerable to ProxyNotShell Attacks"

One of the two security flaws targeted by ProxyNotShell exploits, the CVE-2022-41082 Remote Code Execution (RCE) vulnerability, has not been patched on more than 60,000 online Microsoft Exchange Servers. According to security researchers at the Shadowserver Foundation, almost 70,000 Microsoft Exchange Servers are vulnerable to ProxyNotShell attacks based on version information. The number of vulnerable Exchange Servers decreased from 83,946 instances in mid-December to 60,865 instances on January 2. The two vulnerabilities, tracked as CVE-2022-41082 and CVE-2022-41040 and known together as ProxyNotShell, impact Exchange Server 2013, 2016, and 2019. If exploited, these vulnerabilities allow attackers to elevate privileges and execute arbitrary or remote code on affected servers. Microsoft released security fixes to address the vulnerabilities in November 2022, although ProxyNotShell attacks had been observed in the wild since at least September 2022. Since September 30, the threat intelligence firm GreyNoise has been monitoring ongoing ProxyNotShell exploitation and providing information on ProxyNotShell scanning activities and a list of IP addresses associated with the attacks. Exchange Servers are valuable targets, as evidenced by the FIN7 cybercrime group's development of Checkmarks, a custom auto-attack platform aimed at breaching Exchange Servers. This article continues to discuss the vulnerability of over 60,000 Exchange Servers to ProxyNotShell exploits.

Bleeping Computer reports "Over 60,000 Exchange Servers Vulnerable to ProxyNotShell Attacks"
