Microsoft Exchange Server Hacked Via ProxyShell Exploits

Share post:

Threat actors are actively exploiting Microsoft Exchange servers using the ProxyShell vulnerability to install backdoors for later access.

According to a recent update released by security researcher Kevin Beaumont and NCC Group vulnerability researcher Rich Warren, ProxyShell is an attack that uses three linked Microsoft Exchange vulnerabilities to execute unauthenticated remote code.

Devcore Principal Security Researcher, Orange Tsai revealed that the ProxyShell exploits use Microsoft Exchange’s AutoDiscover feature to conduct an SSRF attack. Warren’s example, shared with BleepingComputer, showed that the web shells consist of a simple authentication-protected script that threat actors can use to upload files to the compromised Microsoft Exchange server.

Since threat actors are already exploiting vulnerable Microsoft Exchange servers, Beaumont advises administrators to perform Azure Sentinel queries to confirm whether or not their devices have been scanned, and advises those who have recently updated their Microsoft Exchange server to do so immediately.

For more information, read the original story in BleepingComputer.



Related articles

Cyber Security Today, March 22, 2023 – ChatGPT4 is out, poorly-protected Linux servers are exploited, and more

ChatGPT4 is out, poorly-protected Linux servers are exploited, and more. Welcome to Cyber Security Today. It’s Wednesday, March 22nd, 2023. I’m Howard Solomon, contributing reporter on cybersecurity for and in the U.S. The new version of ChatGPT has been released. But if you were hoping that version 4 has made this tool safer

Only 9 per cent of Canadian firms are cyber mature: Cisco report

Only 15 per cent of companies around the world would have a mature cyber readiness, according to survey

Ferrari notifies customers of ransom demand

Exclusive car maker says some client contact information exposed in cy

Government backs down on document demand from Google, Facebook

Change meets criticism that demand for external communications is an invasion

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways