
Microsoft Issues Guidance on ProxyShell Vulnerabilities

Microsoft on Wednesday warned Exchange customers that their deployments are exposed to attacks exploiting the ProxyShell vulnerabilities, unless the adequate patches have been installed.


The ProxyShell bugs, which are tracked as CVE-2021-34473, CVE-2021-34523, and CVE-2021-31207, can be chained to run arbitrary code without authentication. The first two bugs were patched in April, while the third received a fix in May.

Researchers with security consulting firm DEVCORE exploited the security holes at the 2021 Pwn2Own hacking contest, but technical details were made public only a few weeks ago, at the Black Hat and DEF CON cybersecurity conferences.

Soon after, the first scans for vulnerable Exchange servers commenced, and the first attacks targeting the exposed servers – over 30,000 of them – were also observed.

Last week, security researchers identified more than 1,900 unpatched systems that were compromised, and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an alert on attacks targeting Exchange servers affected by the ProxyShell flaws.

In a blog post on Wednesday, Microsoft underlined the importance of installing patches in a timely manner, noting that only systems without the already issued fixes are susceptible to compromise.

“This past week, security researchers discussed several ProxyShell vulnerabilities, including those which might be exploited on unpatched Exchange servers to deploy ransomware or conduct other post-exploitation activities. If you have installed the May 2021 security updates or the July 2021 security updates on your Exchange servers, then you are protected from these vulnerabilities,” the tech giant notes.

Systems without either of these security updates, the company says, are vulnerable to attacks. Furthermore, the company pointed out, Exchange servers should always be kept updated with the latest available Cumulative Update (CU) and Security Update (SU).


Vulnerable Exchange servers, Microsoft notes, are those running older, unsupported CUs, those running the March 2021 SUs for older, unsupported versions of Exchange, and those running older, unsupported CUs that only have the March 2021 mitigations applied.

“In all of the above scenarios, you must install one of the latest supported CUs and all applicable SUs to be protected. Any Exchange servers that are not on a supported CU and the latest available SU are vulnerable to ProxyShell and other attacks that leverage older vulnerabilities,” the company says.

The tech giant recommends that all customers install the latest set of updates on their Exchange servers, which would ensure they are protected from any compromise attempts.
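The scenarios above reduce to one question for each server: is it on a supported CU, and does that CU carry the SU that fixes these bugs? The following PowerShell is an added example for an Exchange administrator wanting to inventory that; it is not from the article or from Microsoft. It assumes it is run from the Exchange Management Shell (so `Get-ExchangeServer` is available), and the minimum patched build numbers in `$MinimumPatchedBuild` are placeholders to be replaced with the values from Microsoft's published Exchange build table for the July 2021 (or later) security updates.

```powershell
# Added example: flag Exchange servers whose build is below the patched baseline.
# Not code from the article or from Microsoft. Assumes the Exchange Management Shell.

# PLACEHOLDER baselines: substitute the real build of the July 2021 (or later) SU
# for each supported CU, taken from Microsoft's Exchange Server build table.
$MinimumPatchedBuild = @{
    '15.0' = [Version]'15.0.0.0'   # Exchange 2013 line - placeholder
    '15.1' = [Version]'15.1.0.0'   # Exchange 2016 line - placeholder
    '15.2' = [Version]'15.2.0.0'   # Exchange 2019 line - placeholder
}

function ConvertTo-ExchangeBuild {
    # AdminDisplayVersion renders as "Version 15.1 (Build 2308.14)"; turn it into a
    # comparable [Version] of the form Major.Minor.Build.Revision.
    param([string]$AdminDisplayVersion)
    if ($AdminDisplayVersion -match 'Version (\d+)\.(\d+) \(Build (\d+)\.(\d+)\)') {
        return [Version]"$($Matches[1]).$($Matches[2]).$($Matches[3]).$($Matches[4])"
    }
    return $null
}

function Test-ExchangeServerPatched {
    # Returns one result object per server: Name, Build and a Status of
    # Patched / NeedsUpdate / UnknownLine / Unparsed.
    Get-ExchangeServer | ForEach-Object {
        $build = ConvertTo-ExchangeBuild -AdminDisplayVersion $_.AdminDisplayVersion.ToString()
        if ($null -eq $build) {
            $status = 'Unparsed'
        } else {
            $line = "$($build.Major).$($build.Minor)"
            if (-not $MinimumPatchedBuild.ContainsKey($line)) {
                $status = 'UnknownLine'          # not 2013/2016/2019: unsupported
            } elseif ($build -lt $MinimumPatchedBuild[$line]) {
                $status = 'NeedsUpdate'          # older CU, or CU without the SU
            } else {
                $status = 'Patched'
            }
        }
        [PSCustomObject]@{ Name = $_.Name; Build = $build; Status = $status }
    }
}

Test-ExchangeServerPatched | Sort-Object Status | Format-Table -AutoSize
```

One caveat worth knowing before trusting the output: the version Active Directory reports through `Get-ExchangeServer` tracks the installed CU and is not always bumped by a security update, so a server can show as on the right CU while still missing the SU. Confirming the SU level means checking the file version of the Exchange binaries on each server (for example `ExSetup.exe`), which is what Microsoft's own health-check tooling does; treat the inventory above as a first pass that finds servers on unsupported CUs, and verify the SU on the remaining ones directly.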

Over the weekend, similar patching recommendations were issued by Rob Joyce, director of cybersecurity at the NSA, who pointed out that the number of attacks targeting Exchange servers is surging.

Related: PetitPotam Vulnerability Exploited in Ransomware Attacks

Related: Over 80,000 Exchange Servers Still Affected by Actively Exploited Vulnerabilities

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
