Date: 2022-10-10
A critical 0-day vuln exists in Microsoft Exchange/OWA that is currently being used by malicious actors to install backdoors on systems; please find links with more details and information below.
Microsoft has not delivered patches yet, and all mitigations have been bypassed easily.
There are no details about the vuln itself available, and all tests/scans must be seen as unverified, with possible false positives and false negatives.
Please investigate the IPs carefully for signs of compromise or misuse. Details on possible backdoors can be found in the first reference article.
References:
https://gteltsc.vn/blog/warning-new-attack-campaign-utilized-a-new-0day-rce-vulnerability-on-microsoft-exchange-server-12715.html
https://doublepulsar.com/proxynotshell-the-story-of-the-claimed-zero-day-in-microsoft-exchange-5c63d963a9e9
CVE      : CVE-2022-41082
Vendor   : Microsoft
Product  : Exchange/OWA
Patches  : not available
Exploits : private exploits available
We found various IPs in your ORG/ASN matching criteria for possibly vulnerable systems.
False-Positive-Level: likely
Please find a list of affected IPs below and more information on that problem here: