Oct 5, 2022

Microsoft updates mitigation for ProxyNotShell Exchange zero days

Posted by in category: futurism

Microsoft has updated the mitigations for the latest Exchange zero-day vulnerabilities tracked as CVE-2022–41040 and CVE-2022–41082, also referred to ProxyNotShell.

The initial recommendations were insufficient as researchers showed that they can be easily bypassed to allow new attacks exploiting the two bugs.

Unfortunately, the current recommendations are still not enough and the proposed mitigation can still allow ProxyNotShell attacks.

Comments are closed.