Microsoft Breaks Silence on Barrage of ProxyShell Attacks

[silversurfer]

Microsoft has broken its silence on the recent barrage of attacks on several ProxyShell vulnerabilities in that were highlighted by a researcher at Black Hat earlier this month.
 
The company released an advisory late Wednesday letting customers know that threat actors may use unpatched Exchange servers “to deploy ransomware or conduct other post-exploitation activities” and urging them to update immediately.
 
“Our recommendation, as always, is to install the latest CU and SU on all your Exchange servers to ensure that you are protected against the latest threats,” the company said. “Please update now!”
 
Customers that have installed the May 2021 security updates or the July 2021 security updates on their Exchange servers are protected from these vulnerabilities, as are Exchange Online customers so long as they ensure that all hybrid Exchange servers are updated, the company wrote.
 
“But if you have not installed either of these security updates, then your servers and data are vulnerable,” according to the advisory.
 
The ProxyShell bugs that Devcore principal security researcher Orange Tsai outlined in a presentation at Black Hat. The three vulnerabilities (CVE-2021-34473, CVE-2021-34523, CVE-2021-31207) enable an adversary to trigger remote code execution on Microsoft Exchange servers.

Read more: Microsoft Breaks Silence on Barrage of ProxyShell Attacks