Security News > 2021 > August > Microsoft Exchange Servers in Attacker Crosshairs

Organizations have been warned that hackers have started scanning the internet for Microsoft Exchange servers affected by a series of vulnerabilities that were disclosed by researchers last week.

Orange Tsai, principal researcher at security consulting firm DEVCORE, discovered that Microsoft Exchange servers are affected by three vulnerabilities that can be exploited by unauthenticated attackers for remote code execution.

Orange Tsai has been looking for vulnerabilities in Microsoft Exchange Server since October 2020, and he also informed Microsoft about the flaws tracked as ProxyLogon, which ended up being widely exploited by both profit-driven cybercriminals and state-sponsored threat actors.

The researcher said Microsoft released patches for the ProxyShell vulnerabilities in mid-April.

The DEVCORE team used the ProxyShell exploit at the 2021 Pwn2Own hacking contest to take control of an Exchange server, which earned them a $200,000 bug bounty.

While patches have been available for months, there appear to be many Microsoft Exchange servers that are still vulnerable to ProxyShell attacks, so it would not be surprising if multiple threat actors started exploiting the flaws in their operations.

News URL

http://feedproxy.google.com/~r/securityweek/~3/-AnWAmbjM4w/internet-scanned-microsoft-exchange-servers-vulnerable-proxyshell-attacks