Microsoft Office Online Server open to SSRF-to-RCE exploit

Behavior functioning as intended, Microsoft reportedly says, and offers mitigation advice instead

Security Advisory: Critical Vulnerability for Microsoft Exchange

Microsoft Exchange Server — Attack 2021, by Dhanishtha Awasthi

How to Mitigate CVE-2022-41040- A 0-Day SSRF Vulnerability in Microsoft Exchange Server - The Sec Master

Nicolas Joly (@n_joly) / X

Microsoft Exchange Server Zero-Day Vulnerabilities Exploited

OWASSRF: CrowdStrike Identifies New Method for Bypassing ProxyNotShell Mitigations

Microsoft Exchange servers are getting hacked via ProxyShell exploits

Customer Guidance for Reported Zero-day Vulnerabilities in Microsoft Exchange Server, MSRC Blog

ProxyNotShell— the story of the claimed zero days in Microsoft Exchange, by Kevin Beaumont

Security Advisory: Critical Vulnerability for Microsoft Exchange

Microsoft Exchange Server-Side Forgery Request (Proxylogin)

Zero Day Initiative — Unpatched Powerful SSRF in Exchange OWA – Getting Response Through Attachments