Microsoft Urges Patching Exchange Server To Avoid ProxyShell Attacks – Redmondmag.com


The Exchange team at Microsoft posted an announcement on Wednesday acknowledging “ProxyShell” threats and urging organizations to keep Exchange Server up to date with the latest cumulative updates (CUs) and security updates (SUs).

ProxyShell is a “Critical”-rated vulnerability that can enable remote code execution on systems. It’s actually three vulnerabilities (CVE-2021-34473, CVE-2021-34523 and CVE-2021-31207) that are chained together for attack purposes. DevCore security researcher Orange Tsai demonstrated his ProxyShell findings earlier this month during the Black Hat security conference.

Other security researchers recently described seeing ProxyShell getting used in ransomware attacks. Last week, the U.S. Cybersecurity and Infrastructure Security Agency issued an urgent warning that ProxyShell exploits were happening.

Install the May or July Security Updates
Microsoft’s announcement contended that Exchange Server users were protected against ProxyShell attacks if the May or July SUs are installed:

“If you have installed the May 2021 security updates or the July 2021 security updates on your Exchange servers, then you are protected from these vulnerabilities. Exchange Online customers are also protected (but must make sure that all hybrid Exchange servers are updated).”

The Exchange Online service isn’t directly subject to ProxyShell. However, Microsoft’s subtle reminder above about “hybrid Exchange servers” is actually a warning to Exchange Online users. Oddly, Exchange Online users need to have a single Exchange Server instance installed to manage the Exchange Online service.

The requirement to use Exchange Server with the Exchange Online service is an odd one. It also puts Exchange Online users at risk for the ProxyShell attacks.

Unprotected Circumstances
The Exchange team also indicated circumstances where Exchange Server implementations would not be protected against ProxyShell attacks. They include:

  • The server is running an older, unsupported CU;
  • The server is running security updates for older, unsupported versions of Exchange that were released in March 2021; or
  • The server is running an older, unsupported CU, with the March 2021 EOMT mitigations applied.

Microsoft releases CUs on a quarterly basis, but it discovered in early March, when out-of-band Exchange Server patches were released in response to “Hafnium” ProxyLogon attacks, that lots of organizations hadn’t kept pace.

To assist organizations against ProxyLogon attacks unveiled in March, Microsoft automated mitigations by releasing an Exchange On-Premises Mitigation Tool (EOMT), which was announced on March 16. The tool worked with Exchange Server implementations that had unsupported CUs installed.

ProxyLogon was the inspiration for security researcher Orange Tsai to discover ProxyShell. However, he described ProxyShell as just the “tip of the iceberg” in terms of other possible Exchange Server attack scenarios.

In general, the Exchange team’s Wednesday announcement advised that “any Exchange servers that are not on a supported CU and the latest available SU are vulnerable to ProxyShell and other attacks that leverage older vulnerabilities.”

The announcement pointed organizations to this “Why Exchange Server Updates Matter” blog post from April. It makes a good case for time-strapped IT pros to keep Exchange Server patched in an up-to-date manner. The post references a tool for checking an Exchange Server’s patch status, as well as a wizard for targeting cumulative update installations.

About the Author

Kurt Mackie is senior news producer for 1105 Media’s Converge360 group.

Source of this news: https://redmondmag.com/articles/2021/08/25/microsoft-urges-patching-exchange-server.aspx
