
ProxyShell vulnerabilities actively exploited to deliver web shells and ransomware
2021-08-23 10:55

Three so-called "ProxyShell" vulnerabilities are being actively exploited by various attackers to compromise Microsoft Exchange servers around the world, the Cybersecurity and Infrastructure Security Agency warned over the weekend.

The three ProxyShell vulnerabilities that can be connected in a complete exploit chain are as follows.

The vulnerabilities were discovered, and the exploit chain demonstrated in action, by researcher Orange Tsai and his colleagues from the DEVCORE Research Team at the Pwn2Own contest earlier this year.

Beaumont pointed out that these vulnerabilities are worse than the ProxyLogon flaws, because they are more easily exploitable.

Microsoft patched the vulnerabilities in April and May 2021, but failed to assign CVEs to them at the time and to adequately promote the fact that these could soon lead to serious problems.

Researchers with cybersecurity company Huntress have also been sharing IoCs of active attacks delivering web shells and, later, coin miners and ransomware.


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/VsAskwusw2w/