OffensiveCon 2024 devised multiple methods to exploit Microsoft Exchange. One method was using the MultiValuedProperty, through which a researcher was able to exploit Exchange PowerShell. Moreover, this exploit bypasses Microsoft’s patch for one of the vulnerabilities.
Two vulnerabilities (CVE-2022-41040 and CVE-2022-41082) were previously identified on Exchange, and combining them allowed any authenticated Exchange user to execute remote code.
https://cybersecuritynews.com/exploitat ... owershell/