Security News > 2021 > August > Microsoft Exchange servers are getting hacked via ProxyShell exploits

Threat actors are actively exploiting Microsoft Exchange servers using the ProxyShell vulnerability to install backdoors for later access.
ProxyShell is the name of an attack that uses three chained Microsoft Exchange vulnerabilities to perform unauthenticated, remote code execution.
Last week, Orange Tsai gave a Black Hat talk about recent Microsoft Exchange vulnerabilities he discovered when targeting the Microsoft Exchange Client Access Service attack surface.
Security researcher Kevin Beaumont began seeing threat actors scan for Microsoft Exchange servers vulnerable to ProxyShell.
Today, Beaumont and NCC Group's vulnerability researcher Rich Warren disclosed that threat actors have exploited their Microsoft Exchange honeypots using the ProxyShell vulnerability.
From a sample shared by Warren with BleepingComputer, the webshells consist of a simple authentication-protected script that the threat actors can use to upload files to the compromised Microsoft Exchange server.
News URL
Related news
- Hackers exploit Cityworks RCE bug to breach Microsoft IIS servers (source)
- DragonRank Exploits IIS Servers with BadIIS Malware for SEO Fraud and Gambling Redirects (source)
- FINALDRAFT Malware Exploits Microsoft Graph API for Espionage on Windows and Linux (source)
- Microsoft fixes bug causing Windows Server 2025 boot errors (source)
- Microsoft's End of Support for Exchange 2016 and 2019: What IT Teams Must Do Now (source)
- Microsoft isn't fixing 8-year-old shortcut exploit abused for spying (source)
- Microsoft Exchange Online outage affects Outlook web users (source)
- Microsoft: Exchange Online bug mistakenly quarantines user emails (source)
- Android Malware Exploits a Microsoft-Related Security Blind Spot to Avoid Detection (source)
- Hijacked Microsoft web domain injects spam into SharePoint servers (source)