Security News > 2022 > November > How to hack an unpatched Exchange server with rogue PowerShell code
Were] two zero-days that [could] be chained together, with the first bug used remotely to open enough of a hole to trigger the second bug, which potentially allows remote code execution on the Exchange server itself.
It does mean that an automated Python script can't just scan the whole internet and potentially exploit every Exchange server in the world in a matter of minutes or hours, as we saw happen with ProxyLogon and ProxyShell in 2021.
You need a password, but finding one email address and password combination valid at any given Exchange server is probably not too difficult, unfortunately.
The bad news, depending on your opinion of overt exploit disclosures, is that the ZDI team has now effectively provided a proof-of-concept explaning how to attack Exchange servers.
Even if you never get to recover the output of the command, just instantiating such an object would nevertheless let you choose a command to run, thus giving you generic remote code execution and presenting a risk limited only by the access rights of the server process itself.
You might expect Exchange to prevent the remote creation even of low-risk objects, to minimise the threat even further.