Microsoft Office Online Server open to SSRF-to-RCE exploit

Behavior functioning as intended, Microsoft reportedly says, and offers mitigation advice instead

Microsoft Office Online Server: Unfixed RCE vulnerability – Born's Tech and Windows World

Crooks bypass a Microsoft Office patch for CVE-2021-40444 to spread Formbook malware

Security Advisory: Critical Vulnerability for Microsoft Exchange

Failed Cobalt Strike fix with buried RCE exploit now patched

Microsoft Office Online Server open to SSRF-to-RCE exploit

Analyzing attacks using the Exchange vulnerabilities CVE-2022-41040 and CVE-2022-41082

New Microsoft Exchange Vulnerabilities Discovered: CVE-2022-41082 (RCE) & CVE-2022-41040 (SSRF)

Microsoft Office Online Server open to SSRF-to-RCE exploit

Exchange Zero Day - CVE-2022-41040 and CVE-2022-41082

Operation Exchange Marauder: Active Exploitation of Multiple Zero-Day Microsoft Exchange Vulnerabilities

Attackers Exploit New Zero-Day ProxyNotShell Vulnerabilities on Exchange Server