09.08.2021 - During a conference last week, security researchers presented new vulnerabilities in Microsoft Exchange Server. Hackers are now trying to detect vulnerable systems by means of scanning in order to attack them. The NCSC recommends immediately applying the patches provided by Microsoft.
Microsoft Exchange Server is extensively used by companies and administrations. Attackers are currently searching for the newly discovered security vulnerabilities, called ProxyShell, with targeted scanning and are immediately exploiting vulnerable systems.
The NCSC recommends that operators of Microsoft Exchange servers apply the corresponding patches as a matter of urgency:
- CVE-2021-34473 - Pre-auth Path Confusion leads to ACL Bypass (Patched in April by KB5001779)
https://support.microsoft.com/en-us/topic/description-of-the-security-update-for-microsoft-exchange-server-2019-2016-and-2013-april-13-2021-kb5001779-8e08f3b3-fc7b-466c-bbb7-5d5aa16ef064
- CVE-2021-34523 - Elevation of Privilege on Exchange PowerShell Backend (Patched in April by KB5001779)
https://support.microsoft.com/en-us/topic/description-of-the-security-update-for-microsoft-exchange-server-2019-2016-and-2013-april-13-2021-kb5001779-8e08f3b3-fc7b-466c-bbb7-5d5aa16ef064
- CVE-2021-31207 - Post-auth Arbitrary-File-Write leads to RCE (Patched in May by KB5003435)
https://support.microsoft.com/en-us/topic/description-of-the-security-update-for-microsoft-exchange-server-2019-2016-and-2013-may-11-2021-kb5003435-028bd051-b2f1-4310-8f35-c41c9ce5a2f
Last modification 09.08.2021