"New Wave of Attacks Use Known Vulnerabilities to Target Microsoft Exchange"

Researchers at Bitdefender warn of a new wave of attacks exploiting known Microsoft Exchange vulnerabilities. At the end of November 2022, researchers observed an uptick in attacks involving ProxyNotShell/OWASSRF exploits targeting on-premises Microsoft Exchange deployments. The Server-Side Request Forgery (SSRF) attacks allow an attacker to send a specially crafted request from a vulnerable server to a second server. This allows them to gain access to the vulnerable server's resources and carry out malicious activities on the server. SSRF flaws are among the most commonly exploited vulnerabilities. If a web application is vulnerable to SSRF, an attacker could send a request from the vulnerable server to a local network resource that is normally inaccessible to the attacker. An attacker could also send a request to an external server, such as a cloud service, to perform actions on behalf of the vulnerable server. Multiple techniques are combined to establish exploit chains that result in Remote Code Execution (RCE) in the latest wave of attacks against Microsoft Exchange. This article continues to discuss findings regarding the new set of attacks targeting Microsoft Exchange.

SiliconANGLE reports "New Wave of Attacks Use Known Vulnerabilities to Target Microsoft Exchange"