26 August 2021

Microsoft is urging Exchange users to patch ProxyShell bugs


Microsoft has issued a security alert, warning its customers of the actively exploited ProxyShell vulnerabilities affecting multiple on-premises Microsoft Exchange versions.

“This past week, security researchers discussed several ProxyShell vulnerabilities, including those which might be exploited on unpatched Exchange servers to deploy ransomware or conduct other post-exploitation activities,” the Microsoft Exchange team wrote in a recent blog post.

“If you have installed the May 2021 security updates or the July 2021 security updates on your Exchange servers, then you are protected from these vulnerabilities. Exchange Online customers are also protected (but must make sure that all hybrid Exchange servers are updated).”

“But if you have not installed either of these security updates, then your servers and data are vulnerable. As we have said several times, it is critical to keep your Exchange servers updated with latest available Cumulative Update (CU) and Security Update (SU).”

The vulnerabilities (CVE-2021-34473, CVE-2021-34523, and CVE-2021-31207), collectively known as ProxyShell, allow attackers to elevate privileges on the Exchange PowerShell backend and perform unauthenticated remote code execution.

Earlier this month, researchers at Huntress Labs warned of multiple attacks targeting unpatched Microsoft Exchange servers. They said that at least five distinct styles of webshells were observed being deployed to vulnerable Microsoft Exchange servers, with over 100 incidents related to the exploit reported in just two days – between August 17 and 18. According to the researchers, attackers use the ProxyShell exploit to install a backdoor for later access and post-exploitation.

“Our recommendation, as always, is to install the latest CU and SU on all your Exchange servers to ensure that you are protected against the latest threats. Please update now!” Microsoft said.

