Microsoft Exchange ProxyShell Targeting in Australia – Mirage News

Australian Cyber Security Centre

Background / What has happened?

The ACSC is tracking three vulnerabilities (CVE-2021-34473, CVE-2021-34523 and CVE-2021-31207, known collectively as ProxyShell) in Microsoft Exchange Servers that allow for unauthenticated remote code execution and arbitrary file upload with elevated privileges.

It is likely that threat actors will actively exploit these vulnerabilities against vulnerable Microsoft Exchange Servers.

  • CVE-2021-34473 provides a mechanism for pre-authentication remote code execution, enabling malicious actors to remotely execute code on an affected system.
  • CVE-2021-34523 enables malicious actors to execute arbitrary code post-authentication on Microsoft Exchange servers due to a flaw in the PowerShell service not properly validating access tokens.
  • CVE-2021-31207 enables post-authentication malicious actors to execute arbitrary code in the context of SYSTEM and write arbitrary files.

Microsoft released patches for these vulnerabilities in April and May 2021.

Additional information can be found in the Microsoft advisories:

Mitigation / How do I stay secure?

The ACSC strongly recommends that organisations urgently:

  • Review their networks for vulnerable instances of Microsoft Exchange Servers.
  • Update their Microsoft Exchange Servers as identified in the Microsoft Advisories above.
  • Identify evidence of exploitation activity by reviewing proxy logs for requests to autodiscover/autodiscover.json with response code 200, 301 or 302 and containing one of the following strings:
    • powershell
    • mapi/nspi
    • mapi/emsmdb
    • EWS/
    • X-Rps-CAT
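
The log review described above can be scripted. The following is an added example, not ACSC or Microsoft code; it assumes W3C extended format logs whose `#Fields:` line names `cs-uri-stem`, `cs-uri-query` and `sc-status`, and the sample log lines are constructed. Percent-decoding and case-insensitive matching go beyond the literal strings in the advisory so that encoded or re-cased requests are still caught.

```python
from urllib.parse import unquote

# Indicator strings and response codes exactly as listed in the advisory.
MARKERS = ("powershell", "mapi/nspi", "mapi/emsmdb", "EWS/", "X-Rps-CAT")
STATUSES = {"200", "301", "302"}
TARGET = "autodiscover/autodiscover.json"


def scan(lines):
    """Return (line_no, status, matched_markers) for each request to review.

    Assumption: W3C extended log format, where a '#Fields:' directive names
    the space-separated columns of the entries that follow it.
    """
    fields, hits = [], []
    for no, line in enumerate(lines, 1):
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split(" ")))
        if row.get("sc-status") not in STATUSES:
            continue
        raw = row.get("cs-uri-stem", "") + "?" + row.get("cs-uri-query", "")
        # Decode twice so %2F and double-encoded %252F are both normalised.
        url = unquote(unquote(raw)).lower()
        if TARGET not in url:
            continue
        found = [m for m in MARKERS if m.lower() in url]
        if found:
            hits.append((no, row["sc-status"], found))
    return hits


# Constructed sample entries for illustration (not captured traffic).
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query sc-status
2021-08-20 01:02:03 GET /owa/auth/logon.aspx - 200
2021-08-20 01:02:07 POST /autodiscover/autodiscover.json a=placeholder/mapi/nspi 200
2021-08-20 01:02:09 POST /autodiscover/autodiscover.json a=placeholder%2FPowerShell&X-Rps-CAT=placeholder 302
2021-08-20 01:02:11 GET /autodiscover/autodiscover.json a=placeholder/ews/ 404
2021-08-20 01:02:15 POST /autodiscover/autodiscover.json - 200
""".splitlines()

if __name__ == "__main__":
    for line_no, status, markers in scan(SAMPLE_LOG):
        print(f"line {line_no}: status {status}, matched {', '.join(markers)}")
```
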

Microsoft has released security patches for the following versions of Microsoft Exchange:

  • Microsoft Exchange Server 2013
  • Microsoft Exchange Server 2016
  • Microsoft Exchange Server 2019

Assistance / Where can I go for help?

The ACSC is monitoring the situation and is able to provide assistance and advice as required. Organisations that have been impacted or require assistance can contact the ACSC via 1300 CYBER1 (1300 292 371). The ACSC also recommends that organisations implement web shell mitigation steps.

/Public Release. This material comes from the originating organization and may be of a point-in-time nature, edited for clarity, style and length. View in full here.

Source of this news: https://www.miragenews.com/microsoft-exchange-proxyshell-targeting-in-616365/
