A former Microsoft security researcher is sounding the alarm that multiple threat actors, including at least one ransomware group, have been mass exploiting ProxyShell vulnerabilities on Microsoft Exchange servers over the past month.
According to an alert released by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), cybercriminals are currently exploiting the so-called ProxyShell Microsoft Exchange vulnerabilities: CVE-2021-34473, CVE-2021-34523, and CVE-2021-31207.
ProxyShell is composed of three distinct vulnerabilities (CVE-2021-34473, CVE-2021-34523 and CVE-2021-31207) that were originally discovered in April by Cheng-Da Tsai, a security consultant for DevCore. When chained together, the three flaws allow an unauthenticated attacker to achieve remote code execution with administrator-level privileges on Microsoft Exchange servers.
Microsoft strongly advises that server updates are needed to counter these newly identified threats,