This is a new vulnerability in Microsoft Exchange Email servers, that is very much related to the HAFNIUM or ProxyLogon vulnerabilities that were discovered and exploited during the first quarter of 2021.  During the first exploit campaign thousands of organisations were attacked and some seriously breached.  Back then, some of the victims that disclosed ProxyLogon attacks include the European Banking Authority, the Ministry of Labor and Social Affairs of the Czech Republic, Norway’s parliament (The Storting), the Commission for the Financial Market of Chile, and the Bangladesh government.  At least 30,000 organisations were reportedly compromised in the US alone, with many more affected worldwide.  The UK NCSC issued tailored advice to over 70 UK-based organisations that had been affected, to help them mitigate the effects of the compromise.

The new vulnerabilities were publicised on 6 August 2021, by security researcher “OrangeTsai” who gave a conference talk at Black Hat USA that disclosed the new vulnerabilities in Microsoft Exchange servers, collectively known as ProxyShell.  The vulnerabilities have been recently patched by Microsoft and can be tracked as CVE-2021-34473, CVE-2021-34523, and CVE-2021-31207.

On 25-Aug-21, reports already started to come in from security researches indicating that the vulnerabilities are being targeted by bad actors.

Given the importance of Microsoft Exchange servers in any business environment, CyberSolace once again strongly recommends that businesses patch their systems to avoid any serious breach.

Read more by clicking the button below.