ProxyLogon PoC Exploit Released; Likely to Fuel More Disruptive Cyber Attacks
Security News, March 2021

While there is no concrete explanation for the widespread exploitation by so many different groups, the speculation is that the adversaries shared or sold exploit code, allowing other groups to abuse these vulnerabilities, or that the groups obtained the exploit from a common seller.
For its part, the Dutch Institute for Vulnerability Disclosure reported Tuesday that it found 46,000 servers out of 260,000 globally that were unpatched against the heavily exploited ProxyLogon vulnerabilities.
"Interestingly, all of them are APT groups focused on espionage, except one outlier that seems related to a known coin-mining campaign. It is still unclear how the distribution of the exploit happened, but it is inevitable that more and more threat actors, including ransomware operators, will have access to it sooner or later."
Complicating the situation further is the availability of what appears to be the first functional public proof-of-concept exploit for the ProxyLogon flaws despite Microsoft's attempts to take down exploits published on GitHub over the past few days.
"I've confirmed there is a public PoC floating around for the full RCE exploit chain," security researcher Marcus Hutchins said.
While the researchers deliberately decided to omit critical PoC components, the development has also raised concerns that the technical information could further accelerate the development of a working exploit, in turn triggering even more threat actors to launch their own attacks.
News URL
http://feedproxy.google.com/~r/TheHackersNews/~3/RLLH3Q2VKfw/proxylogon-exchange-poc-exploit.html