Published: 11/10/2022 Updated: 20/12/2023

CVSS v3 Base Score: 8.1 | Impact Score: 5.9 | Exploitability Score: 2.2

VMScore: 0

Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability

Vulnerable Product	Search on Vulmon	Subscribe to Product
microsoft windows 10 -
microsoft windows 10 1607
microsoft windows server 2008 r2
microsoft windows 7 -
microsoft windows server 2012 r2
microsoft windows server 2016 -
microsoft windows rt 8.1 -
microsoft windows server 2012 -
microsoft windows server 2008 -
microsoft windows 8.1 -
microsoft windows server 2019 -
microsoft windows 10 1809
microsoft windows 10 20h2
microsoft windows 10 21h1
microsoft windows server 2022 -
microsoft windows 11 -
microsoft windows 10 21h2
microsoft windows 11 22h2

It’s Patch Tuesday and still no fix for ProxyNotShell Microsoft Exchange holes

The Register

Topics Security Off-Prem On-Prem Software Offbeat Vendor Voice Vendor Voice Resources And for bonus points, there's a Windows flaw under active exploit

Patch Tuesday Microsoft fixed more than 80 security flaws in its products for October's Patch Tuesday. But let's start off with what Redmond didn't fix: two Exchange Server bugs dubbed ProxyNotShell that have been exploited by snoops as far back as August. CVE-2022-41040 is a server-side request forgery vulnerability while CVE-2022-41082 is a remote code execution (RCE) bug. Both can be exploited together to run PowerShell commands on a vulnerable system and take control of it. Vietnamese cybers...

CVE-2022-30198

Vulnerability Summary

Vulnerability Trend

Recent Articles

References

Vulmon Search

About

Products

Connect