Security News > 2021 > August > Microsoft Exchange servers scanned for ProxyShell vulnerability, Patch Now
Threat actors are now actively scanning for the Microsoft Exchange ProxyShell remote code execution vulnerabilities after technical details were released at the Black Hat conference.
ProxyShell is the name for three vulnerabilities that perform unauthenticated, remote code execution on Microsoft Exchange servers when chained together.
On Thursday, Orange Tsai gave a Black Hat talk about recent Microsoft Exchange vulnerabilities he discovered when targeting the Microsoft Exchange Client Access Service attack surface.
As part of the talk, Tsai explained that one of the components of the ProxyShell attack chain targets the Microsoft Exchange Autodiscover service.
It is strongly advised that Microsoft Exchange admins install the latest cumulative updates so they are protected from these vulnerabilities.
Tsai states that there are currently 400,000 Microsoft Exchange servers exposed on the Internet, so there are bound to be successful attacks.
News URL
Related news
- Microsoft February 2025 Patch Tuesday fixes 4 zero-days, 55 flaws (source)
- February's Patch Tuesday sees Microsoft offer just 63 fixes (source)
- Microsoft’s Patch Tuesday Fixes 63 Flaws, Including Two Under Active Exploitation (source)
- Patch Tuesday: Microsoft Patches Two Actively Exploited Zero-Day Flaws (source)
- Microsoft fixes bug causing Windows Server 2025 boot errors (source)
- Microsoft Patches Actively Exploited Power Pages Privilege Escalation Vulnerability (source)
- Microsoft's End of Support for Exchange 2016 and 2019: What IT Teams Must Do Now (source)
- MITRE Caldera RCE vulnerability with public PoC fixed, patch ASAP! (CVE-2025–27364) (source)
- Microsoft March 2025 Patch Tuesday fixes 7 zero-days, 57 flaws (source)
- Apple Releases Patch for WebKit Zero-Day Vulnerability Exploited in Targeted Attacks (source)