Security News > 2021 > August > Microsoft: ProxyShell bugs “might be exploited,” patch servers now!

Microsoft has finally published guidance today for the actively exploited ProxyShell vulnerabilities impacting multiple on-premises Microsoft Exchange versions.

Although Microsoft fully patched the ProxyShell bugs by May 2021, they didn't assign CVE IDs for the vulnerabilities until July, preventing some orgs with unpatched servers from discovering that they had vulnerable systems on their networks.

Security researchers and the US Cybersecurity and Infrastructure Security Agency have already warned admins to patch their Exchange servers to defend against ongoing attacks using ProxyShell exploits that started in early August.

"This past week, security researchers discussed several ProxyShell vulnerabilities, including those which might be exploited on unpatched Exchange servers to deploy ransomware or conduct other post-exploitation activities," The Exchange Team said.

Just as it happened in March, attackers are now scanning for and hacking Microsoft Exchange servers using the ProxyShell vulnerabilities after security researchers and threat actors reproduced a working exploit.

Until Microsoft releases further guidance on protecting and detecting vulnerable servers against exploitation, you can find detailed info on how to identify unpatched Exchange servers and how to detect exploitation attempts in the blog post published by security researcher Kevin Beaumont.

News URL

https://www.bleepingcomputer.com/news/microsoft/microsoft-proxyshell-bugs-might-be-exploited-patch-servers-now/