Microsoft this week published guidance about three vulnerabilities referred to collectively as ProxyShell days after security researchers at the U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned that attackers were actively trying to exploit them. The ProxyShell vulnerabilities, which are tracked as CVE-2021-34473, CVE-2021-34523, and CVE-2021-31207, could allow hackers to run arbitrary code on a vulnerable machine without authentication. The first two flaws were fixed in April, while the third received a patch in May.Orange Tsai, a security researcher at consulting firm DEVCORE exploited the ProxyShell vulnerabilities to target a Microsoft Exchange server during the Pwn2Own 2021 hacking contest, but technical details were made public only a few weeks ago, at the Black Hat and DEF CON cybersecurity conferences. Earlier, Orange Tsai had identified the ProxyLogon and ProxyOracle vulnerabilities in Exchange servers.Last week, cybersecurity experts unearthed more than 1,900 unpatched systems that were exploited, and CISA issued a warning on attacks targeting Exchange servers impacted by the ProxyShell vulnerabilities.In a blog post on Wednesday, Microsoft urged the customers to install patches as soon as possible, noting that only systems without the already issued patches are vulnerable to the attack. The company also advised users to install the latest set of updates on their Exchange servers, which would ensure they are shielded from any compromise attempts. “This past week, security researchers discussed several ProxyShell vulnerabilities, including those which might be exploited on unpatched Exchange servers to deploy ransomware or conduct other post-exploitation activities. If you have installed the May 2021 security updates or the July 2021 security updates on your Exchange servers, then you are protected from these vulnerabilities,” Microsoft stated.According to the ..
Support the originator by clicking the read the rest link below.
