Thursday, June 13, 2024

ProxyShell Bugs May Be Exploited, Servers To Be Patched

Microsoft has now issued recommendations for the commonly abused ProxyShell flaws that affect certain on-premises Microsoft Exchange variants.

ProxyShell is a combination of three security vulnerabilities found by Devcore security researcher Orange Tsai (patched in April and May) and used to attack a Microsoft Exchange server during the Pwn2Own 2021 hacking competition:

Although Microsoft fully fixed the ProxyShell issues by May 2021, the CVE IDs for the vulnerabilities were not assigned until July, which kept some organizations with unpatched servers from learning that vulnerable systems remained on their networks.

Microsoft Mute About Active Assaults

Security experts and the US Cybersecurity and Infrastructure Security Agency (CISA) have previously advised administrators to patch their Exchange servers to protect against the ongoing attacks exploiting the ProxyShell vulnerabilities, which began in early August.

Despite earlier warnings of ongoing attacks, Microsoft did not notify customers that their on-premises Exchange servers were under attack until today.

“This past week, security researchers discussed several ProxyShell vulnerabilities, including those which might be exploited on unpatched Exchange servers to deploy ransomware or conduct other post-exploitation activities,” according to The Exchange Team.

“If you have installed the May 2021 security updates or the July 2021 security updates on your Exchange servers, then you are protected from these vulnerabilities. Exchange Online customers are also protected (but must make sure that all hybrid Exchange servers are updated).”

To prevent ProxyShell attacks, Microsoft recommends that users install AT LEAST ONE of the required current cumulative updates as well as ALL relevant security patches.

Active Abuse By Multiple Cybercriminals

CISA’s warning on Monday that various threat actors are actively exploiting the ProxyShell vulnerabilities followed a similar one in March advising companies to defend their networks from a wave of attacks.

The March Exchange attacks were coordinated by Chinese state-backed hackers, who targeted tens of thousands of businesses throughout the world with exploits for four zero-day Exchange flaws known as ProxyLogon.

Now that security researchers and threat actors have replicated a viable exploit, attackers are scanning for and attacking Microsoft Exchange servers using the ProxyShell vulnerabilities, just as they did in March.

Although the ProxyShell payloads deployed on Exchange servers were initially innocuous, attackers are increasingly deploying LockFile ransomware payloads across Windows domains compromised through Windows PetitPotam vulnerabilities.

To give a sense of the scope of the problem, security firm Huntress Labs recently reported that by Friday last week, it had discovered more than 140 web shells deployed by attackers on over 1,900 hacked Microsoft Exchange servers.

Shodan also tracks tens of thousands of Exchange servers that are vulnerable to ProxyShell attacks, the majority of which are located in the United States and Germany.

Until Microsoft issues more instructions on safeguarding exposed servers and identifying abuse, security researcher Kevin Beaumont's blog article has extensive information on how to identify unpatched Exchange servers and detect exploitation attempts.


