New Exploit Method that Bypasses ProxyNotShell Mitigations
New Exploit Method that Bypasses ProxyNotShell Mitigations
Threat Level
Attack Report
For a detailed threat advisory, download the pdf file here
Summary
A new exploit method has been found in the mitigations of the Microsoft Exchange vulnerability ProxyNotShell URL rewrite that allows for remote code execution (RCE) on compromised servers through Outlook Web Access (OWA). The threat actors responsible for this new exploit have been identified as members of the Play ransomware group.