Threat actors affiliated with a ransomware strain known as Play are leveraging a never-before-seen exploit chain that bypasses blocking rules for ProxyNotShell flaws in Microsoft Exchange Server to achieve remote code execution (RCE) through Outlook Web Access (OWA).
« The new exploit method bypasses URL rewrite mitigations for the Autodiscover endpoint, » CrowdStrike researchers Brian Pitchford,

Threat actors affiliated with a ransomware strain known as Play are leveraging a never-before-seen exploit chain that bypasses blocking rules for ProxyNotShell flaws in Microsoft Exchange Server to achieve remote code execution (RCE) through Outlook Web Access (OWA).
« The new exploit method bypasses URL rewrite mitigations for the Autodiscover endpoint, » CrowdStrike researchers Brian Pitchford,