Microsoft has now published further details on the ProxyShell vulnerabilities in Exchange Server that have been known for some time. The security team warns that unpatched servers urgently need to be updated – this reaction follows far too late.
This is reported by Bleeping Computer and underlines that Microsoft has not exactly covered itself with fame in this case. Although there were indications of the active exploitation of the security gap early on, the security team is only now following instructions on how users with Exchange Server should deal with it.
Ransomware spread through unpatched servers
Microsoft following statement now has a manual published that several local Microsoft Exchange versions concerns: “In the past week, security researchers have discussed multiple proxy Shell vulnerability, including ones that could be exploited on unpatched Exchange servers to install ransomware or conduct other post-exploitation activities, “said the Exchange team.
It goes on to say in the tech community: “If you have the security updates from May 2021 or July 2021 installed on your Exchange servers, you are protected against these security holes. Exchange Online customers are also protected (but must ensure that all hybrid Exchange Servers are updated). ” Affected users must install at least one of the supported latest cumulative updates and all applicable security updates in order to block ProxyShell attacks. According to Microsoft, Exchange servers are vulnerable if any of the following conditions are true:
- An older, unsupported CU is running on the server;
- The server is running security updates for older, unsupported versions of Exchange that were released in March 2021; or
- The server is running an older, unsupported CU with the March 2021 EOMT attenuations applied.
The US agency for cybersecurity and infrastructure security (CISA) had already issued an official warning before Microsoft now considered it necessary. CISA fears similar occurrences as in the spring of 2021 when Chinese hackers with government support attacked tens of thousands of organizations worldwide with exploits that targeted four zero-day exchange errors, which have come to be known as ProxyLogon. Just like in March, strangers are currently scanning the network for vulnerable servers and hacking Microsoft Exchange servers using the ProxyShell vulnerabilities.
Digital marketing enthusiast and industry professional in Digital technologies, Technology News, Mobile phones, software, gadgets with vast experience in the tech industry, I have a keen interest in technology, News breaking.