New wave of attacks use ProxyNotShell/OWASSRF vulnerabilities to target Microsoft Exchange

Researchers at S.C. Bitdefender SRL today warned of a new wave of attacks using known vulnerabilities to target Microsoft Exchange.

The researchers started to notice an increase in attacks using ProxyNotShell/OWASSRF exploits to target on-premises Microsoft Exchange deployments at the end of November. The Server-Side Request Forgery attacks allow an attacker to send a crafted request from a vulnerable server to a second server, allowing the attacker to access resources and perform actions on the vulnerable server.

Read more…
Source: SiliconANGLE