Security News > 2021 > August > WARNING: Microsoft Exchange Under Attack With ProxyShell Flaws

WARNING: Microsoft Exchange Under Attack With ProxyShell Flaws
2021-08-23 06:28

The U.S. Cybersecurity and Infrastructure Security Agency is warning of active exploitation attempts that leverage the latest line of "ProxyShell" Microsoft Exchange vulnerabilities that were patched earlier this May, including deploying LockFile ransomware on compromised systems.

Tracked as CVE-2021-34473, CVE-2021-34523, and CVE-2021-31207, the vulnerabilities enable adversaries to bypass ACL controls, elevate privileges on the Exchange PowerShell backend, effectively permitting the attacker to perform unauthenticated, remote code execution.

The development comes a little over a week after cybersecurity researchers sounded the alarm on opportunistic scanning and exploitation of unpatched Exchange servers by taking advantage of the ProxyShell attack chain.

Originally demonstrated at the Pwn2Own hacking contest in April this year, ProxyShell is part of a broader trio of exploit chains discovered by DEVCORE security researcher Orange Tsai that includes ProxyLogon and ProxyOracle, the latter of which concerns two remote code execution flaws that could be employed to recover a user's password in plaintext format.

Now according to researchers from Huntress Labs, at least five distinct styles of web shells have been observed as deployed to vulnerable Microsoft Exchange servers, with over over 100 incidents reported related to the exploit between August 17 and 18.

Web shells grant the attackers remote access to the compromised servers, but it isn't clear exactly what the goals are or the extent to which all the flaws were used.


News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/St2xsBR9Rz8/microsoft-exchange-under-attack-with.html

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2021-07-14 CVE-2021-34523 Improper Authentication vulnerability in Microsoft Exchange Server 2013/2016/2019
Microsoft Exchange Server Elevation of Privilege Vulnerability
local
low complexity
microsoft CWE-287
critical
9.0
2021-07-14 CVE-2021-34473 Server-Side Request Forgery (SSRF) vulnerability in Microsoft Exchange Server 2013/2016/2019
Microsoft Exchange Server Remote Code Execution Vulnerability
network
low complexity
microsoft CWE-918
critical
9.1
2021-05-11 CVE-2021-31207 Unrestricted Upload of File with Dangerous Type vulnerability in Microsoft Exchange Server 2013/2016/2019
Microsoft Exchange Server Security Feature Bypass Vulnerability
network
high complexity
microsoft CWE-434
6.6

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Microsoft 701 775 4527 4650 3617 13569