Security News > 2021 > August > Microsoft Exchange servers scanned for ProxyShell vulnerability, Patch Now
Threat actors are now actively scanning for the Microsoft Exchange ProxyShell remote code execution vulnerabilities after technical details were released at the Black Hat conference.
ProxyShell is the name for three vulnerabilities that perform unauthenticated, remote code execution on Microsoft Exchange servers when chained together.
On Thursday, Orange Tsai gave a Black Hat talk about recent Microsoft Exchange vulnerabilities he discovered when targeting the Microsoft Exchange Client Access Service attack surface.
As part of the talk, Tsai explained that one of the components of the ProxyShell attack chain targets the Microsoft Exchange Autodiscover service.
It is strongly advised that Microsoft Exchange admins install the latest cumulative updates so they are protected from these vulnerabilities.
Tsai states that there are currently 400,000 Microsoft Exchange servers exposed on the Internet, so there are bound to be successful attacks.
News URL
Related news
- Microsoft pitches pay-to-patch reboot reduction subscription for Windows Server 2025 (source)
- CrushFTP: Patch critical vulnerability ASAP! (CVE-2025-2825) (source)
- Hijacked Microsoft web domain injects spam into SharePoint servers (source)
- April 2025 Patch Tuesday forecast: More AI security introduced by Microsoft (source)
- Microsoft April 2025 Patch Tuesday fixes exploited zero-day, 134 flaws (source)
- Microsoft fixes auth issues on Windows Server, Windows 11 24H2 (source)
- Microsoft Patches 125 Flaws Including Actively Exploited Windows CLFS Vulnerability (source)
- Microsoft investigates global Exchange Admin Center outage (source)
- Microsoft: Windows CLFS Vulnerability Could Lead to ‘Widespread Deployment and Detonation of Ransomware’ (source)
- Patch Tuesday: Microsoft Fixes 134 Vulnerabilities, Including 1 Zero-Day (source)