A new exploit chain is being used by Play ransomware affiliates to bypass ProxyNotShell mitigations and gain remote code execution on unpatched Microsoft Exchange servers through Outlook Web Access (OWA).

CrowdStrike incident responders discovered the exploit (dubbed OWASSRF) while investigating recent Play ransomware attacks where compromised Exchange servers were used to infiltrate the victims' networks.

https://www.bleepingcomputer.com/news/security/ransomware-gang-uses-new-microsoft-exchange-exploit-to-breach-servers/