Security researchers with the Shadowserver Foundation announced that 60,865 Microsoft Exchange servers have not yet been patched to defend against the CVE-2022-41082 remote code execution flaw, reports BleepingComputer.
This number is down from 83,946 instances recorded in mid-December. The vulnerability and a second flaw, CVE-2022-41040, are collectively called ProxyNotShell. Together they allow threat actors to escalate privileges on servers they have successfully compromised and go on to achieve arbitrary or remote code execution.
A patch to address the flaws was released by Microsoft in November.
Mitigation measures provided earlier are becoming less effective, raising the importance of fully patching the servers. For example, a new exploit chain is currently active and works by bypassing ProxyNotShell URL rewrite mitigations to achieve remote code execution on vulnerable servers via Outlook Web Access.
Various cybercrime groups have jumped at the opportunity, including the FIN7 cybercrime organization, which created Checkmarks, a custom auto-attack platform designed to breach lucrative Exchange servers by scanning for related vulnerabilities.
More than 8,000 organizations have already been infiltrated by the platform, with 16.7% located in the U.S., according to threat intelligence firm Prodaft.
Email security, Vulnerability Management
Over 60,000 Microsoft Exchange servers still unpatched against ProxyNotShell exploits