Quote:The patching level for Microsoft Exchange Servers that are vulnerable to the ProxyLogon group of security bugs has reached 92 percent, according to Microsoft.
The computing giant tweeted out the stat earlier this week – though of course patching won’t fix already-compromised machines. Still, that’s an improvement of 43 percent just since last week, Microsoft pointed out (using telemetry from RiskIQ).
ProxyLogon consists of four flaws (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065) that can be chained together to create a pre-authentication remote code execution (RCE) exploit – meaning that attackers can take over servers without knowing any valid account credentials. This gives them access to email communications and the opportunity to install a web shell for further exploitation within the environment.
The good news on patching comes as a whirlwind of ProxyLogon cyberattacks has hit companies across the globe, with multiple advanced persistent threats (APT) and possibly other adversaries moving quickly to exploit the bug. A spate of public proof-of-concept exploits has added fuel to the fire – which is blazing so bright that F-Secure said on Sunday that hacks are occurring “faster than we can count,” with tens of thousands of machines compromised.
“To make matters worse, proof-of-concept automated attack scripts are being made publicly available, making it possible for even unskilled attackers to quickly gain remote control of a vulnerable Microsoft Exchange Server,” according to F-Secure’s writeup. “There is even a fully functioning package for exploiting the vulnerability chain published to the Metasploit application, which is commonly used for both hacking- and security testing. This free-for-all attack opportunity is now being exploited by vast numbers of criminal gangs, state-backed threat actors and opportunistic script kiddies.”
The attackers are using ProxyLogon to carry out a range of attacks, including data theft and the installation of malware, such as the recently discovered “BlackKingdom” strain. According to Sophos, the ransomware operators are asking for $10,000 in Bitcoin in exchange for an encryption key.
Read more: Microsoft Exchange Servers See ProxyLogon Patching Frenzy | Threatpost
![[-]](https://www.geeks.fyi/images/collapse.png)
