Threat Awareness – Over 60,000 Exchange Servers Still Vulnerable to ProxyNotShell Flaws

Created: Thursday, January 5, 2023 - 14:59
Categories: Cybersecurity

Bleeping Computer reports that more than 60,000 Microsoft Exchange servers have still not been patched against CVE-2022-41082, one of the two CVEs that make up the exploit known as ProxyNotShell. For more information, see WaterISAC’s coverage in the Security & Resilience Update of December 22, 2022. The number of vulnerable servers remains concerning, especially as security researchers continue to discover more attackers changing their operations to take advantage of ProxyNotShell. The most recent incident was the Play ransomware group's successful use of the exploit against Rackspace.

Members are highly encouraged to confirm with their system administrators that impacted servers in their environment have been addressed.

  • While there are patches that fix both vulnerabilities, some customers chose to apply the Microsoft-suggested workaround instead of patching. The exploitation reported here bypasses that workaround.
  • If you applied the workaround instead of the patches, it is recommended that you immediately apply the November 2022 update KB5019758 and investigate for potential system compromise.
  • Organizations that run Microsoft Exchange on-premises or in a hybrid model should install the November patches provided by Microsoft to reduce the potential for successful exploitation.

Read more at Bleeping Computer.