CVE-2022-41080: 
vulnerability analysis and mitigation

Microsoft Exchange Server Elevation of Privilege Vulnerability (CVE-2022-41080) was discovered and disclosed in November 2022. The vulnerability affects multiple on-premises versions of Microsoft Exchange Server, including Exchange Server 2013, 2016, and 2019 (Rapid7 Blog).

The vulnerability is known to be chained with CVE-2022-41082 in an attack dubbed 'OWASSRF', which bypasses URL rewrite mitigations that Microsoft provided for ProxyNotShell. This chain allows for remote code execution (RCE) via privilege escalation through Outlook Web Access (OWA) (Rapid7 Blog).

When exploited, the vulnerability allows threat actors to achieve remote code execution and deploy ransomware on affected systems. The attack can lead to complete system compromise, particularly when servers are only utilizing Microsoft's mitigations without applying the proper security updates (Rapid7 Blog).

Microsoft released a security update (KB5019758) in November 2022 to address this vulnerability. Organizations are strongly advised to install this update immediately and not rely on URL rewrite mitigations alone. Additionally, systems should be investigated for indicators of compromise (Rapid7 Blog).