
Threat actors are actively exploiting Microsoft Exchange servers using the ProxyShell vulnerability to install backdoors for later access.
ProxyShell is the name of an attack that uses three chained Microsoft Exchange vulnerabilities to perform unauthenticated, remote code execution.
The three vulnerabilities, listed below, were discovered by Devcore Principal Security Researcher Orange Tsai, who chained them together to take over a Microsoft Exchange server in April’s Pwn2Own 2021 hacking contest.
- CVE-2021-34473 – Pre-auth Path Confusion leads to ACL Bypass (Patched in April by KB5001779)
- CVE-2021-34523 – Elevation of Privilege on Exchange PowerShell Backend (Patched in April by KB5001779)
- CVE-2021-31207 – Post-auth Arbitrary-File-Write leads to RCE (Patched in May by KB5003435)
Last week, Orange Tsai gave a Black Hat talk about recent Microsoft Exchange vulnerabilities he discovered when targeting the Microsoft Exchange Client Access Service (CAS) attack surface.
After watching the talk, security researchers PeterJson and Nguyen Jang published more detailed technical information about successfully reproducing the ProxyShell exploit.
As part of the talk, Tsai revealed that the ProxyShell exploit uses Microsoft Exchange’s AutoDiscover feature to perform an SSRF attack.
Soon after, security researcher Kevin Beaumont began seeing threat actors scan for Microsoft Exchange servers vulnerable to ProxyShell.
ProxyShell actively exploited to drop webshells
Today, Beaumont and NCC Group’s vulnerability researcher Rich Warren disclosed that threat actors have exploited their Microsoft Exchange honeypots using the ProxyShell vulnerability.
When exploiting Microsoft Exchange, the attackers are using an initial URL like: https://Exchange-server/autodiscover/[email protected]/mapi/nspi/?&Email=autodiscover/autodiscover.json%[email protected]
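For defenders, the request shape quoted above can be searched for in IIS logs. The following is an added example, not code from the original article or from the researchers it cites: it flags requests under /autodiscover/ whose Email query parameter itself names autodiscover/autodiscover.json, and groups them by client IP. The log lines are constructed, a trimmed W3C field set is assumed, and PLACEHOLDER and %XX stand in for the parts of the URL that are redacted on the page.

```python
import urllib.parse
from collections import defaultdict

# Constructed IIS W3C log lines (not from the article). PLACEHOLDER and %XX
# stand in for the portions of the URL that are redacted on the page.
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2021-08-12 10:01:02 POST /autodiscover/autodiscover.xml - 198.51.100.20 200
2021-08-12 10:03:41 GET /autodiscover/autodiscover.json/v1.0/user@example.test Protocol=ActiveSync 198.51.100.21 200
2021-08-12 10:05:17 GET /autodiscover/PLACEHOLDER@example.test/mapi/nspi/ &Email=autodiscover/autodiscover.json%XX@example.test 203.0.113.7 200
2021-08-12 10:05:19 POST /Autodiscover/PLACEHOLDER@example.test/mapi/nspi/ &email=Autodiscover/Autodiscover.json%XX@example.test 203.0.113.7 302
2021-08-12 10:06:00 GET /owa/auth/logon.aspx url=https://mail.example.test/owa/ 198.51.100.22 200
"""

def parse_w3c(text):
    """Yield one dict per request, using the #Fields: directive for column names."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#"):
            values = line.split()
            if len(values) == len(fields):
                yield dict(zip(fields, values))

def is_proxyshell_probe(stem, query):
    """True if the request is under /autodiscover/ and its Email parameter
    itself names autodiscover/autodiscover.json, as in the URL on the page."""
    if not urllib.parse.unquote(stem).lower().startswith("/autodiscover/"):
        return False
    pairs = urllib.parse.parse_qsl("" if query == "-" else query)
    return any(k.lower() == "email" and
               v.lower().startswith("autodiscover/autodiscover.json")
               for k, v in pairs)

def summarize_probes(text):
    """Group matching requests by client IP, with the status codes returned."""
    hits = defaultdict(lambda: {"count": 0, "statuses": set()})
    for row in parse_w3c(text):
        if is_proxyshell_probe(row["cs-uri-stem"], row["cs-uri-query"]):
            hits[row["c-ip"]]["count"] += 1
            hits[row["c-ip"]]["statuses"].add(row["sc-status"])
    return dict(hits)

if __name__ == "__main__":
    for ip, info in summarize_probes(SAMPLE_LOG).items():
        print(ip, info["count"], sorted(info["statuses"]))
```

A match shows only that the request pattern reached the server; the returned status codes and the server's patch level (KB5001779 and KB5003435, per the list above) determine what to investigate next.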
Source of this news: https://www.bollyinside.com/news/proxyshell-vulnerabilities-are-used-to-hack-microsoft-exchange-servers