Microsoft Exchange - ProxyShell Flaw Exploited

Threat actors are actively exploiting the Microsoft Exchange ProxyShell flaws and have hacked over 1900 servers.

The US Cybersecurity and Infrastructure Security Agency issued a warning about the latest Microsoft Exchange flaw. Microsoft patched the ProxyShell vulnerabilities earlier in May; the exploitation has also included deploying LockFile ransomware on compromised systems.

The vulnerabilities, tracked as CVE-2021-34473, CVE-2021-34523, and CVE-2021-31207, enable threat actors to bypass ACL controls and elevate privileges on the Exchange PowerShell backend, effectively permitting the attacker to perform unauthenticated remote code execution. Earlier, on April 13, Microsoft patched the CVE-2021-34473 and CVE-2021-34523 vulnerabilities, while the fix for CVE-2021-31207 was shipped as part of the Windows maker’s May Patch Tuesday updates.

According to CISA, “An attacker exploiting these vulnerabilities could execute arbitrary code on a vulnerable machine.”

The warning comes a week after cybersecurity researchers discovered suspicious scanning for and exploitation of unpatched Exchange servers using the ProxyShell attack chain. Earlier this year, in April, similar exploitation was demonstrated at the Pwn2Own hacking contest.

Huntress Labs CEO Kyle Hanslovan tweeted that more than 140 web shells and nearly 1900 unpatched Exchange servers had been detected to date. He further added, “impacted [organizations] thus far include building manufacturing, seafood processors, industrial machinery, auto repair shops, a small residential airport and more.”
