Security analysts at CrowdStrike reported a new exploit method called OWASSRF that requires a hacker to abuse ProxyNotShell flaws (CVE-2022-41080 and CVE-2022-41082) in Microsoft Exchange servers. Through this, an attacker can pull off RCE attacks via Outlook Web Access (OWA). A deeper study into it led researchers to Play ransomware strains abusing the flaws in Exchange.