Threat Awareness – Threat Actors Currently Bypassing Previous ProxyNotShell Workaround for Microsoft Exchange
Created: Thursday, December 22, 2022 - 21:34
CrowdStrike recently observed a new exploit method, dubbed OWASSRF (Outlook Web Access Server-Side Request Forgery), that chains CVE-2022-41080 and CVE-2022-41082 (the two CVEs combined are also recognized as ProxyNotShell) on affected Microsoft Exchange servers to achieve remote code execution (RCE) through Outlook Web Access. The Play ransomware group is actively exploiting this method.
