According to data gathered by the Shadowserver Foundation, more than 60,000 Microsoft Exchange servers remain unpatched against a known remote code execution vulnerability (CVE-2022-41082) that is exploited by ProxyNotShell. Microsoft released fixes to address that flaw and a second vulnerability that is also exploited by ProxyNotShell, in November 2022. The flaws affect Exchange Server 2013, 2016, and 2019. More information https://www.bleepingcomputer.com/news/security/over-60-000-exchange-servers-vulnerable-to-proxynotshell-attacks/
