Microsoft Office Online Server open to SSRF-to-RCE exploit

Behavior functioning as intended, Microsoft reportedly says, and offers mitigation advice instead

OWASSRF Exploit – Targeting Arbitrary Code Execution on Microsoft Exchange OWA

Microsoft Exchange Server — Attack 2021, by Dhanishtha Awasthi

Microsoft Office Online Server open to SSRF-to-RCE exploit

Microsoft Exchange Powershell Remoting Deserialization leading to RCE (CVE-2023-21707)

OWASSRF: CrowdStrike Identifies New Method for Bypassing ProxyNotShell Mitigations

Microsoft Exchange Server — Attack 2021, by Dhanishtha Awasthi

New Microsoft Exchange Zero-Day Vulnerabilities Exploited by State-Sponsored Hackers - CPO Magazine

Two Zero Day Vulnerabilities Discovered in Microsoft Exchange Server, Patches Pending - DuoCircle

OWASSRF: CrowdStrike Identifies New Method for Bypassing ProxyNotShell Mitigations

Microsoft Office Online Server open to SSRF-to-RCE exploit

New Exchange Exploits Exploited in the Wild