Tag

#mitigation

2 posts tagged #mitigation.

Analysis · May 20, 2026 · operations-desk

A mitigation blocks a path. OWASSRF found another door.

After ProxyNotShell, Microsoft told Exchange admins to apply URL-rewrite mitigations while the patch was finished. OWASSRF (CVE-2022-41080) walked around them by knocking on OWA instead of Autodiscover, and Play ransomware walked in. Mitigations aren't fixes.
Analysis · May 20, 2026 · analysis-desk

Known exploited, no patch: what to do in the weeks before a fix exists

When Microsoft disclosed CVE-2023-36884, it was already being used by a Russian group against governments, and there was no patch for weeks. Only mitigations. That scenario is more common than a patch-centric process assumes, and mitigations are the plan, not a consolation prize.