Proof-of-concept exploit code has been released online for two actively exploited vulnerabilities in Microsoft Exchange, known as ProxyNotShell.
The two flaws are:
- CVE-2022-41040 – Microsoft Exchange Server Elevation of Privilege Vulnerability
- CVE-2022-41082 – Microsoft Exchange Server Remote Code Execution Vulnerability
They impact Exchange Server 2013, 2016, and 2019, an authenticated attacker can trigger them to elevate privileges to run PowerShell in the context of the system and gain arbitrary or remote code execution on vulnerable servers.