Microsoft Exchange ProxyShell Exploitation
Summary
In May 2021, Microsoft released a patch for vulnerabilities that are being used by multiple advanced persistent threat groups. A remote attacker could exploit these vulnerabilities to take control of an affected system.
Affected platforms
The following platforms are known to be affected:
Threat details
Introduction
ProxyShell is a chain of three vulnerabilities that could enable an unauthenticated attacker to perform remote code execution, elevation of privilege, and a security feature bypass.
Active Exploitation
ProxyShell is being exploited in the wild. Successful exploitation could allow attackers to execute arbitrary code and take control of a system.
Remediation advice
Affected organisations are encouraged to review Microsoft’s advisories for CVE-2021-31207, CVE-2021-34473 and CVE-2021-34523, and to apply the necessary updates or workarounds.
Alternatively, please ensure that the affected versions of Microsoft Exchange have been remediated by the application of the May 2021 security update or the July 2021 security update.
Definitive source of threat updates
CVE Vulnerabilities
Last edited: 27 August 2021 11:10 am