"New Exploit for Microsoft's ProxyNotShell Mitigation Side Steps Fix"

CrowdStrike researchers found a new exploit method used by Play ransomware actors that can circumvent the URL rewrite mitigations Microsoft released in October. Those mitigations were intended to protect against the ProxyNotShell vulnerabilities. The researchers uncovered the new technique while studying Play ransomware activity. According to the team, the entry vector was suspected to be zero-day vulnerabilities, tracked as CVE-2022-41080 and CVE-2022-41082. While investigating the attacks, they discovered that the threat actors gained access via Outlook Web Access (OWA) and maintained access using Plink and AnyDesk. This article continues to discuss the new exploit method being used by Play ransomware actors that can bypass URL rewrite mitigations released by Microsoft.

Cybersecurity Dive reports "New Exploit for Microsoft's ProxyNotShell Mitigation Side Steps Fix"
