Microsoft Exchange Servers in Attacker Crosshairs (Security News, August 2021)

Organizations have been warned that hackers have started scanning the internet for Microsoft Exchange servers affected by a series of vulnerabilities that were disclosed by researchers last week.
Orange Tsai, principal researcher at security consulting firm DEVCORE, discovered that Microsoft Exchange servers are affected by three vulnerabilities that can be exploited by unauthenticated attackers for remote code execution.
Orange Tsai has been looking for vulnerabilities in Microsoft Exchange Server since October 2020, and he also informed Microsoft about the flaws tracked as ProxyLogon, which ended up being widely exploited by both profit-driven cybercriminals and state-sponsored threat actors.
The researcher said Microsoft released patches for the ProxyShell vulnerabilities in mid-April.
The DEVCORE team used the ProxyShell exploit at the 2021 Pwn2Own hacking contest to take control of an Exchange server, which earned them a $200,000 bug bounty.
While patches have been available for months, there appear to be many Microsoft Exchange servers that are still vulnerable to ProxyShell attacks, so it would not be surprising if multiple threat actors started exploiting the flaws in their operations.