
New Microsoft Exchange 'ProxyToken' Flaw Lets Attackers Reconfigure Mailboxes
2021-08-30 23:47

Details have emerged about a now-patched security vulnerability impacting Microsoft Exchange Server that could be weaponized by an unauthenticated attacker to modify server configurations, thus leading to the disclosure of Personally Identifiable Information.

The issue, tracked as CVE-2021-33766 and coined "ProxyToken," was discovered by Le Xuan Tuyen, a researcher at the Information Security Center of Vietnam Posts and Telecommunications Group, and reported through the Zero-Day Initiative program in March 2021.

Microsoft addressed the issue as part of its Patch Tuesday updates for July 2021.

The security issue resides in a feature called Delegated Authentication, which refers to a mechanism whereby the front-end website - the Outlook web access client - passes authentication requests directly to the back-end when it detects the presence of a SecurityToken cookie.
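
Because the delegation described above is triggered by the mere presence of a SecurityToken cookie, one triage signal a defender can pull from IIS front-end logs is a request that carries that cookie but arrives with no authenticated user. The script below is an added example and is not code from the article, Microsoft or the researcher; it assumes the log was written with a W3C field set that includes cs-username and cs(Cookie) (the field list, the sample lines and the client addresses are constructed for the demonstration), and it flags candidates for review rather than proving exploitation, since legitimate delegated-authentication traffic also carries the cookie.

```python
import re
from dataclasses import dataclass
from typing import Dict, Iterator, List

# Field layout assumed for the constructed sample below. Real IIS logs declare
# their own layout in the "#Fields:" header; adjust FIELDS to match it.
FIELDS = ["date", "time", "c-ip", "cs-method", "cs-uri-stem",
          "cs-username", "sc-status", "cs(Cookie)"]

# Constructed sample log (not real traffic, addresses from documentation ranges).
# Line 2: authenticated user whose session carries SecurityToken (benign).
# Lines 3 and 5: anonymous requests that still carry the cookie, the pattern
# worth reviewing. Line 4: ordinary anonymous request without the cookie.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-username sc-status cs(Cookie)
2021-08-12 10:01:02 203.0.113.10 GET /owa/ CORP\\alice 200 theme=light;SecurityToken=tok1
2021-08-12 10:02:15 198.51.100.7 GET /owa/ - 200 SecurityToken=tok2
2021-08-12 10:03:44 203.0.113.11 GET /owa/ - 401 -
2021-08-12 10:04:09 198.51.100.7 POST /owa/ - 200 SecurityToken=
"""


@dataclass
class Hit:
    time: str
    client: str
    method: str
    uri: str
    status: str


def parse_cookies(raw: str) -> Dict[str, str]:
    """Split an IIS cs(Cookie) field into a name->value map ('-' means absent)."""
    if raw == "-":
        return {}
    jar: Dict[str, str] = {}
    for part in raw.split(";"):
        name, _, value = part.strip().partition("=")
        if name:
            jar[name] = value
    return jar


def iter_records(log_text: str) -> Iterator[Dict[str, str]]:
    """Yield one dict per data line, keyed by FIELDS; skip comments and malformed lines."""
    for line in log_text.splitlines():
        if not line or line.startswith("#"):
            continue
        parts = line.split(" ")
        if len(parts) != len(FIELDS):
            continue  # do not guess at a layout that does not match FIELDS
        yield dict(zip(FIELDS, parts))


def find_unauthenticated_token_requests(log_text: str) -> List[Hit]:
    """Return requests that present a SecurityToken cookie without an authenticated user.

    Presence of the cookie name is what matters (an empty value still counts),
    because the delegation decision described in the article keys on presence.
    """
    hits: List[Hit] = []
    for rec in iter_records(log_text):
        cookies = parse_cookies(rec["cs(Cookie)"])
        if "SecurityToken" in cookies and rec["cs-username"] == "-":
            hits.append(Hit(rec["time"], rec["c-ip"], rec["cs-method"],
                            rec["cs-uri-stem"], rec["sc-status"]))
    return hits


def clients_by_hit_count(hits: List[Hit]) -> Dict[str, int]:
    """Aggregate flagged requests per source address to prioritise review."""
    counts: Dict[str, int] = {}
    for h in hits:
        counts[h.client] = counts.get(h.client, 0) + 1
    return counts


if __name__ == "__main__":
    flagged = find_unauthenticated_token_requests(SAMPLE_LOG)
    for h in flagged:
        print(f"{h.time} {h.client} {h.method} {h.uri} -> {h.status}")
    print("per-client:", clients_by_hit_count(flagged))
```

Run against a real log after replacing FIELDS with the server's own "#Fields:" header; a source that repeatedly hits with the cookie but never authenticates is the case to escalate, and the patch status of the server decides whether the hits represent a real exposure.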

The disclosure adds to a growing list of Exchange Server vulnerabilities that have come to light this year, including ProxyLogon, ProxyOracle, and ProxyShell, which have been actively exploited by threat actors to take over unpatched servers, deploy malicious web shells, and drop file-encrypting ransomware such as LockFile.

Troublingly, in-the-wild exploit attempts abusing ProxyToken have already been recorded as early as August 10, according to NCC Group security researcher Rich Warren, making it imperative that customers move quickly to apply the security updates from Microsoft.


News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/pUmKLslo0YA/new-microsoft-exchange-proxytoken-flaw.html

Related Vulnerability

DATE        CVE             VULNERABILITY TITLE                                                                 RISK
2021-07-14  CVE-2021-33766  Improper Authentication vulnerability in Microsoft Exchange Server 2013/2016/2019   7.3
                            (Microsoft Exchange Server Information Disclosure Vulnerability; attack vector: network; low complexity; vendor: microsoft; CWE-287)

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Microsoft 480 75 2308 5127 264 7774