Security News > 2022 > October > Fake Microsoft Exchange ProxyNotShell exploits for sale on GitHub

Fake Microsoft Exchange ProxyNotShell exploits for sale on GitHub
2022-10-03 21:47

Scammers are impersonating security researchers to sell fake proof-of-concept ProxyNotShell exploits for newly discovered Microsoft Exchange zero-day vulnerabilities.

Last week, Vietnamese cybersecurity firm GTSC disclosed that some of their customers had been attacked using two new zero-day vulnerabilities in Microsoft Exchange.

To take advantage of this lull before the storm, a scammer has begun creating GitHub repositories where they attempt to sell fake proof-of-concept exploits for the Exchange CVE-2022-41040 and CVE-2022-41082 vulnerabilities.

Huntress Lab's John Hammond has been following these scammers, finding five now-removed accounts attempting to sell the phony exploits.

Another scam account found by Paulo Pacheco impersonated Kevin Beaumont, a well-known security researcher/professional who has been documenting the new Exchange vulnerabilities and available mitigations.

These vulnerabilities are worth far more than $400, with Zerodium offering at least $250,000 for Microsoft Exchange remote code execution zero days.


News URL

https://www.bleepingcomputer.com/news/security/fake-microsoft-exchange-proxynotshell-exploits-for-sale-on-github/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2022-10-03 CVE-2022-41082 Deserialization of Untrusted Data vulnerability in Microsoft Exchange Server 2013/2016/2019
Microsoft Exchange Server Remote Code Execution Vulnerability
0.0
2022-10-03 CVE-2022-41040 Server-Side Request Forgery (SSRF) vulnerability in Microsoft Exchange Server 2013/2016/2019
Microsoft Exchange Server Elevation of Privilege Vulnerability
0.0

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Microsoft 365 50 1369 2819 161 4399
Github 12 2 45 29 19 95