Frequently Asked Questions

ProxyNotShell Vulnerability & Cymulate's Assessment

What is the ProxyNotShell vulnerability in Microsoft Exchange?

The ProxyNotShell vulnerability refers to a set of zero-day vulnerabilities in on-premises Microsoft Exchange servers (CVE-2022-41082 and CVE-2022-41040) that, when chained together, allow remote code execution attacks. These vulnerabilities have been actively exploited by nation-state and financially motivated attackers, and as of the time of the referenced blog post, Microsoft had not released official patches, recommending mitigation via blocking rules instead. (Source: Cymulate Blog)

How does Cymulate help organizations test for ProxyNotShell exposure?

Cymulate provides a custom-made assessment for ProxyNotShell, enabling organizations to estimate their degree of exposure to these vulnerabilities. This assessment is available within the Cymulate platform and has been added as an attack vector in the advanced scenarios section. Customers can log in and test their environments directly, while prospects can request a demo to quickly check their exposure. (Source: Cymulate Blog)

Is the ProxyNotShell assessment available to all Cymulate customers?

Yes, the ProxyNotShell assessment has been integrated into the Cymulate platform. All customers can access it by logging into their consoles. Prospects can request a demo to evaluate their exposure. (Source: Cymulate Blog)

How does Cymulate keep its ProxyNotShell assessment up to date?

The Cymulate Research Lab continuously monitors threat intelligence and updates the ProxyNotShell assessment as new information emerges. The assessment is part of the advanced scenarios in the platform and is maintained to reflect the latest attack techniques. (Source: Cymulate Blog)

What should organizations do if they still rely on on-premises Microsoft Exchange?

Organizations relying on on-premises Microsoft Exchange should prioritize continuous security validation to discover, assess, and reduce risk. Evaluating a transition to a managed cloud instance is recommended for improved security and resilience, as cloud-based options are often safer and more robust. (Source: Cymulate Blog)

Where can I read more about ProxyNotShell and related research?

You can read the Cymulate Research Lab's article on ProxyNotShell in The Hacker News and find additional resources and technical breakdowns on the Cymulate blog. (Source: Cymulate Blog)

How many Exchange servers are potentially vulnerable to ProxyNotShell?

According to a Shodan report referenced in the Cymulate blog, over 205,247 on-premises Microsoft Exchange servers are Internet-accessible and potentially vulnerable to ProxyNotShell attacks. (Source: Cymulate Blog)

What mitigation steps did Microsoft recommend for ProxyNotShell?

At the time of the ProxyNotShell disclosure, Microsoft had not released official patches and recommended adding a blocking rule as a mitigation measure. However, researchers noted that the proposed rule was too specific and could be bypassed, suggesting broader alternatives. (Source: Cymulate Blog)

How does Cymulate's ProxyNotShell assessment fit into its overall platform?

The ProxyNotShell assessment is part of Cymulate's advanced scenarios and exposure validation capabilities. It enables organizations to test for specific vulnerabilities as part of a broader, continuous security validation strategy. (Source: Cymulate Blog)

Can Cymulate help organizations validate mitigations for ProxyNotShell?

Yes, Cymulate's assessment allows organizations to validate whether their mitigations for ProxyNotShell are effective by simulating attack scenarios and measuring exposure. (Source: Cymulate Blog)

Features & Capabilities

What features does Cymulate offer for exposure management and security validation?

Cymulate offers a unified platform that includes Breach and Attack Simulation (BAS), Continuous Automated Red Teaming (CART), exposure prioritization, and advanced scenario testing. The platform enables continuous threat validation, actionable remediation, and integrates with existing security tools for comprehensive exposure management. (Source: Cymulate Press Release)

Does Cymulate support integration with other security tools?

Yes, Cymulate integrates with a wide range of industry-leading security tools, including EDR/anti-malware (e.g., CrowdStrike Falcon, SentinelOne), cloud security (e.g., AWS GuardDuty, Wiz), SIEM (e.g., Splunk), vulnerability management (e.g., Rapid7 InsightVM), and network security (e.g., Akamai Guardicore). For a full list, visit the Cymulate Partnerships and Integrations page.

How does Cymulate help organizations prioritize vulnerabilities?

Cymulate ranks vulnerabilities based on exploitability, business context, and threat intelligence, enabling organizations to focus remediation efforts on the most critical exposures. (Source: About Cymulate)

What technical documentation is available for Cymulate?

Cymulate provides a range of technical resources, including a whitepaper on the Exposure Management Platform, data sheets on platform capabilities and custom attacks, a technology integrations data sheet, and documentation on MITRE ATT&CK alignment. These resources are available on the Cymulate Resources page.

How does Cymulate align with the MITRE ATT&CK framework?

Cymulate's platform is aligned with the MITRE ATT&CK framework, enabling comprehensive threat simulation and validation across the full kill chain. This helps organizations assess their defenses against real-world adversary tactics and techniques. (Source: MITRE ATT&CK at Cymulate)

Use Cases & Benefits

Who can benefit from using Cymulate?

Cymulate is designed for CISOs, Security Operations (SecOps) teams, Red Teams, Detection Engineers, and Vulnerability Management teams across industries such as finance, healthcare, and technology. It is suitable for organizations seeking to continuously validate and improve their cybersecurity posture. (Source: EM Platform Message Guide.pdf)

What business impact can organizations expect from Cymulate?

Organizations using Cymulate typically achieve a 30% improvement in threat prevention, a 52% reduction in critical exposures, a 60% increase in operational efficiency, and an 81% reduction in cyber risk within four months. (Source: Cymulate Demo Page)

Are there customer success stories related to Cymulate's effectiveness?

Yes, for example, Hertz Israel reduced cyber risk by 81% within four months using Cymulate, Nemours Children's Health improved detection and response, and Nedbank focused on critical vulnerabilities by replacing manual processes. More case studies are available on the Cymulate Customers page.

How does Cymulate address the pain points of security teams?

Cymulate addresses pain points such as overwhelming threat volume, lack of visibility, unclear prioritization, operational inefficiencies, fragmented tools, cloud complexity, and communication barriers by providing continuous threat validation, actionable insights, automation, and unified exposure management. (Source: manual)

How easy is Cymulate to implement and use?

Cymulate is known for its quick deployment and ease of use. It operates in agentless mode, requires minimal configuration, and provides an intuitive dashboard. Customers report being able to start simulations almost immediately after deployment. (Source: Cymulate Website)

What feedback have customers given about Cymulate's usability?

Customers consistently praise Cymulate for its intuitive and user-friendly design. Testimonials highlight the ease of implementation, the user-friendly dashboard, and the platform's accessibility for both technical and non-technical users. (Source: Cymulate Website, EM Platform Message Guide.pdf)

Security, Compliance & Trust

What security and compliance certifications does Cymulate hold?

Cymulate is certified for SOC2 Type II, ISO 27001:2013 (Information Security Management), ISO 27701 (Privacy Information Management), ISO 27017 (Cloud Services Security), and CSA STAR Level 1. These certifications demonstrate Cymulate's commitment to industry-leading security and privacy standards. (Source: Cymulate Security Page)

How does Cymulate ensure data security and privacy?

Cymulate's services are hosted in secure AWS data centers with ISO 27001, PCI DSS, and SOC 2/3 compliance. Data is encrypted in transit (TLS 1.2+) and at rest (AES-256). The company follows a secure development lifecycle, conducts regular vulnerability scans and penetration tests, and provides GDPR readiness. (Source: Cymulate Security Page)

Does Cymulate provide compliance reporting support?

Yes, Cymulate provides compliance evidence report templates to help organizations demonstrate alignment with key industry standards and regulatory frameworks. (Source: Cymulate Security Page)

Competition & Comparison

How does Cymulate compare to AttackIQ?

Cymulate offers the industry's leading threat scenario library and AI-powered capabilities for streamlined workflows and accelerated security posture improvement. AttackIQ does not match Cymulate's level of innovation, threat coverage, or ease of use. (Source: Cymulate vs AttackIQ)

What differentiates Cymulate from Mandiant Security Validation?

Mandiant's platform has seen minimal innovation in recent years, while Cymulate continually innovates with AI and automation, expanding into exposure management and recognized as a grid leader. (Source: Cymulate vs Mandiant)

How does Cymulate compare to Pentera?

Pentera focuses on attack path validation but lacks Cymulate's depth in fully assessing and strengthening defenses. Cymulate optimizes defense, scales offensive testing, and increases exposure awareness. (Source: Cymulate vs Pentera)

What are the advantages of Cymulate over Picus Security?

Picus Security is suitable for on-premise BAS needs but lacks Cymulate's comprehensive exposure validation platform, which covers the full kill chain and includes cloud control validation. (Source: Cymulate vs Picus)

How does Cymulate compare to SafeBreach?

Cymulate outpaces SafeBreach with unmatched innovation, precision, and automation. It offers the industry's largest attack library, a full CTEM solution, and comprehensive exposure validation. (Source: Cymulate vs SafeBreach)

What makes Cymulate different from Scythe?

Scythe is suitable for advanced red teams but lacks Cymulate's ease of use, daily threat updates, and comprehensive control validation. Cymulate provides actionable remediation and automated mitigation. (Source: Cymulate vs Scythe)

How does Cymulate compare to NetSPI?

NetSPI is a PTaaS vendor, while Cymulate offers a platform for continuous, independent assessment and defense strengthening. Cymulate is recognized as a leader in exposure validation by Gartner and G2. (Source: Cymulate Competitors Page)

Pricing & Plans

What is Cymulate's pricing model?

Cymulate uses a subscription-based pricing model tailored to each organization's needs. Pricing depends on the chosen package, number of assets, and scenarios required. For a personalized quote, organizations can schedule a demo with Cymulate's team. (Source: manual)

Company Information & Vision

What is Cymulate's mission and vision?

Cymulate's vision is to lead the way in how companies think about and implement cybersecurity strategies, making the world a safer place. Its mission is to empower organizations worldwide against threats and make advanced cybersecurity as simple as sending an email. (Source: About Cymulate)

How large is Cymulate and what is its global reach?

Cymulate was founded in 2016 and has a global presence with offices in eight locations and customers in 50 countries. Over 1,000 customers rely on Cymulate's platform. (Source: About Cymulate)

Blog, Research & Events

Where can I read the latest Cymulate research and threat intelligence?

You can stay updated on the latest threats and Cymulate research by visiting the Cymulate Blog.

How can I subscribe to the Cymulate blog?

To subscribe to the Cymulate blog, you will need to provide your full name, email address, and country of residence. (Source: Cymulate Privacy Policy)

Where can I find more research and blog posts by Cymulate Research Lab?

You can find more research and blog posts by Cymulate Research Lab at the Cymulate Research Lab author page.

Who authored the ProxyNotShell blog post and where can I learn more about them?

The ProxyNotShell blog post was authored by Dave Klein. You can learn more about Dave Klein on the Cymulate Author page.

Where can I find news, events, and blog posts from Cymulate?

You can find news, events, and blog posts from Cymulate on the blog, in the newsroom, and on the events page.


Test Against the Newest Microsoft Exchange Vulnerability: ProxyNotShell

By: Dave Klein

Last Updated: July 1, 2025


Throughout the year, we saw both nation-state and financially motivated attackers focused on finding and exploiting new on-premises MS Exchange vulnerabilities. The most successful exploits found were for the ProxyShell vulnerabilities (CVE-2021-34473, CVE-2021-34523, and CVE-2021-31207), used by many attackers. This included attacks in March of this year, where The DFIR Report disclosed that Iranian nation-state actors were exploiting MS Exchange ProxyShell vulnerabilities to gain initial access and execute code via multiple web shells. By September, attackers were still successfully exploiting the MS Exchange ProxyShell vulnerabilities, which were being used by Chinese nation-state actors, among many others.

The Rise of ProxyNotShell  

GTSC, a Vietnamese cybersecurity firm, released a blog post describing a new, exploited on-premises MS Exchange zero-day vulnerability, CVE-2022-41082, that, when combined with another vulnerability, CVE-2022-41040, could lead to remote code execution attacks. It is particularly important to note that, at the time of writing of this blog post, Microsoft has not released any patches to fix these vulnerabilities and suggests adding a blocking rule as a mitigation measure. Other researchers pointed out that Microsoft's proposed blocking rule was too specific and could easily be bypassed, and suggested a more significant, less specific alternative designed to cover a broader set of attacks. Checking the Shodan Report, we find that over 205,247 on-premises MS Exchange servers that are vulnerable to the ProxyNotShell attack are reachable from the Internet.

For Cymulate Customers and Prospects 

To help the industry defend itself, our Cymulate Research Lab team wrote a terrific article for The Hacker News, which I highly recommend as a must-read; it should be helpful for all who still run on-premises MS Exchange. To further protect our customers and partners, the Cymulate Research Lab team has also developed a custom-made assessment for ProxyNotShell for the Cymulate solution that enables organizations to estimate their exact degree of exposure within their enterprise. It has also been added as an attack vector to the advanced scenarios portion of the solution. The article describes it well, and it has already been updated within the solution. Cymulate customers only need to log in to their consoles and test. For prospects, we will be more than happy to offer a demo that lets you quickly check your enterprise as well.

Final Takeaways 

The most effective way to discover, assess, and reduce risk is through continuous security validation. If your organization still relies on on-premises Microsoft Exchange, now is a good time to evaluate whether transitioning to a more secure, managed cloud instance aligns with your long-term security strategy. While there are no silver bullets in cybersecurity, cloud-based options are often the safer and more resilient choice for many enterprises.
