Security News > 2021 > August > Microsoft Exchange Servers in Attacker Crosshairs
Organizations have been warned that hackers have started scanning the internet for Microsoft Exchange servers affected by a series of vulnerabilities that were disclosed by researchers last week.
Orange Tsai, principal researcher at security consulting firm DEVCORE, discovered that Microsoft Exchange servers are affected by three vulnerabilities that can be exploited by unauthenticated attackers for remote code execution.
Orange Tsai has been looking for vulnerabilities in Microsoft Exchange Server since October 2020, and he also informed Microsoft about the flaws tracked as ProxyLogon, which ended up being widely exploited by both profit-driven cybercriminals and state-sponsored threat actors.
The researcher said Microsoft released patches for the ProxyShell vulnerabilities in mid-April.
The DEVCORE team used the ProxyShell exploit at the 2021 Pwn2Own hacking contest to take control of an Exchange server, which earned them a $200,000 bug bounty.
While patches have been available for months, there appear to be many Microsoft Exchange servers that are still vulnerable to ProxyShell attacks, so it would not be surprising if multiple threat actors started exploiting the flaws in their operations.
News URL
Related news
- Microsoft fixes Remote Desktop issues caused by Windows Server update (source)
- Microsoft deprecates PPTP and L2TP VPN protocols in Windows Server (source)
- Microsoft confirms Windows Server 2025 blue screen, install issues (source)
- Microsoft blames Windows Server 2025 automatic upgrades on 3rd-party tools (source)
- Microsoft Exchange adds warning to emails abusing spoofing flaw (source)
- Microsoft fixes bugs causing Windows Server 2025 blue screens, install issues (source)
- Microsoft pulls Exchange security updates over mail delivery issues (source)