Fake Microsoft Exchange ProxyNotShell exploits for sale on GitHub
Scammers are impersonating security researchers to sell fake proof-of-concept ProxyNotShell exploits for newly discovered Microsoft Exchange zero-day vulnerabilities.
Last week, Vietnamese cybersecurity firm GTSC disclosed that some of their customers had been attacked using two new zero-day vulnerabilities in Microsoft Exchange.
To take advantage of this lull before the storm, a scammer has begun creating GitHub repositories where they attempt to sell fake proof-of-concept exploits for the Exchange CVE-2022-41040 and CVE-2022-41082 vulnerabilities.
Huntress Labs' John Hammond has been following these scammers, finding five now-removed accounts attempting to sell the phony exploits.
Another scam account found by Paulo Pacheco impersonated Kevin Beaumont, a well-known security researcher/professional who has been documenting the new Exchange vulnerabilities and available mitigations.
These vulnerabilities are worth far more than $400, with Zerodium offering at least $250,000 for Microsoft Exchange remote code execution zero-days.
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-10-03 | CVE-2022-41082 | Deserialization of Untrusted Data vulnerability in Microsoft Exchange Server 2013/2016/2019 Microsoft Exchange Server Remote Code Execution Vulnerability | 8.0 |
2022-10-03 | CVE-2022-41040 | Server-Side Request Forgery (SSRF) vulnerability in Microsoft Exchange Server 2013/2016/2019 Microsoft Exchange Server Elevation of Privilege Vulnerability | 8.8 |