Following the release of details last week about three vulnerabilities in Microsoft Exchange, attackers have begun scanning for vulnerable servers, and there are tens of thousands of them online.
The vulnerabilities were discovered by researcher Orange Tsai, who used them in the Pwn2Own contest earlier this year. They were then disclosed to MIcrosoft, which patched them in April, although the bugs were not included in the advisories released tha month and weren’t published until July. The flaws can be chained together in order to gain remote code execution on target servers, and other researchers have been able to reproduce the exploit that Tsai developed. During the Black Hat USA conference last week, Tsai gave a talk in which he detailed the flaws, which seems to have kicked off a wave of scanning for the vulnerabilities by attackers.
On Monday, Jan Kopriva of the SANS Internet Storm Center found more than 30,000 vulnerable Exchange servers online with a Shodan scan, more than 8,000 of which are in the United States. The vulnerabilities affect Exchange Server 2013, 2016, and 2019.
“Since the attack is not dependent on any memory corruption issues, but only on logic bugs in Exchange components, one can expect that most threat actors ‘worthy’ of that title would not have much difficulties in successfully executing it, given the aforementioned availability of information about it,” Kopriva wrote.
The three vulnerabilities, known collectively as ProxyShell, include a security feature bypass (CVE-2021-31207), an elevation of privilege (CVE-2021-34523), and a remote code execution bug (CVE-2021-34473), and Microsoft released patches for all three in April. Organizations that have stayed current on Exchange updates are protected against the exploits on these flaws.
Source of this news: https://duo.com/decipher/attackers-scanning-for-exchange-servers-vulnerable-to-proxyshell
Related posts:
Data parsing is a crucial process that empowers efficient data extraction. It allows us to transform the data collected with web scrapers into a manageable and understandable format. Data parsing ...
Progress today announced the availability of Progress Telerik Fiddler Jam, designed to provide clients with a troubleshooting solution concerning support and development coaches and teams to ad...
Today, NuCypher showed record growth one day – 590%: from a minimum of rate of $ 0. 290181 to a new ATH of $ 2 . 61. NuCypher is a layer attached to encryption and data insurance for Ethereum an...
The Rs 1, 514-crore initial public offering of all Glenmark Life Sciences Ltd. ’s witnessed strong buyer interest on the third on top of that final day of firms. The issue most likely was sub...
Whether they want to or not, Managed Service Providers (MSPs) are being forced to pick up more and more security functions. An endless stream of malware attacks followed by the recent rash of ransomw...
We know a VPN will definitely help mask your identity and therefore hide your location from the internet companies. But is using a VPN service illegal? Have you ever evaluated it? To som...
Researchers helped Spotify detect and address serious credential stuffing operations that affect hundreds of millions of users. On July 3, VpnMentor’s research team, led by Ran Locar and Noam Rote...
The Internet isn't many private or secure website. In fact , there are eyes everywhere: governments, internet service providers, global companies, cyber criminals and many other gangs. One of t...
Been finding how to fix this, This only happens in my second Account not my Adminstrator account. Please help i might be in danger because i work at online! &...
John Greim/Getty Multiple important mortgage refinance rates increased today. Both 15-year fixed and 30-year fixed refinances saw their average rates go up. In addition , the average ...
WordPress managed hosting provider WP Engine announced that it is ending support for .htaccess directives. WP Engine has started End-of-Life (EOL) processes for winding down the use of .htaccess on t...
Reasons to Learn How Do I Hide My Geolocation? At present, Internet users often face difficulties while trying to access a certain resource or perform necessary action. Governments aim to restrict c...
PASADENA, Calif. & SAN JOSE, Calif.--(BUSINESS WIRE)--Jul 22, 2021--Heliogen and Bloom Energy (NYSE: BE) today announced plans to produce green hydrogen using only concentrated solar power and w...
On October 4, 2021, Apache HTTP Server Project released Security advisory on a Path traversal and File disclosure vulnerability in Apache HTTP Server 2.4.49 and 2.4.50 tracked as CVE-2021-41773 and...
This tutorial is about the How to work with user classes on Windows. We will try our best so that you understand this guide. I hope you like this blog How to work with user classes on Windows. If you...
SAN FRANCISCO, April 28, 2022 /PRNewswire/ -- Twitter, Inc. (NYSE: TWTR) today announced financial results for its first quarter 2022. First Quarter 2022 Operational and Financial Highlights Except ...
Ad fraud in the programmatic realm is a serious issue that affects all key industry players, and that’s why it has been the prime focus of all sides concerned for the last couple of years.Ad fraud is...
Source: Windows Central Windows 11 also comes with a wholly redesigned Settings app that accounts for a large percentage of the visual changes in this new OS. The new application features an updated ...
