ProxyShell flaws in Microsoft Exchange

  • CERT Admin
  • Mon Aug 23 2021
  • Alerts

Threat Level 

HIGH 

Components Affected 

● Microsoft Exchange Server 2013 

● Microsoft Exchange Server 2016 

● Microsoft Exchange Server 2019 

Overview 

Exploitation of the ProxyShell vulnerabilities in Microsoft Exchange Server has been identified. The versions listed above are vulnerable if they have not been updated to the May 2021 Cumulative Update package (KB5003435). ProxyShell consists of the following vulnerabilities:

1. CVE-2021-34473

2. CVE-2021-34523 (both of the above had security updates released in April 2021)

3. CVE-2021-31207, which had a security update released in May 2021

Description 

ProxyShell enables attackers to bypass ACL controls and elevate privileges on the Exchange PowerShell backend, permitting unauthenticated remote code execution. A compromised system could then be infected with LockFile ransomware.

Impact 

● Expose sensitive information 

● Service disruption 

● Ransomware infections  

Solution/Workarounds 

Apply the latest update to your Exchange server:

https://support.microsoft.com/en-gb/topic/description-of-the-security-update-for-microsoft-exchange-server-2019-2016-and-2013-may-11-2021-kb5003435-028bd051-b2f1-4310-8f35-c41c9ce5a2f1 

Reference 

● https://thehackernews.com/2021/08/microsoft-exchange-under-attack-with.html 

● https://www.bleepingcomputer.com/news/security/microsoft-exchange-servers-being-hacked-by-new-lockfile-ransomware/ 

● https://www.cert.govt.nz/it-specialists/advisories/active-scanning-for-microsoft-exchange-proxyshell-vulnerability/ 

Disclaimer 

The information provided herein is on an "as is" basis, without warranty of any kind. 

Last updated: Mon Aug 23 2021