This blog contains information about the ProxyShell vulnerability. As soon as we have an update, we’ll add it to this post. More information about possible risks and details can be found at the bottom of this blog.
Update August 10, 2021
13:00 | Security researcher Orange Tsai, who discovered the ProxyLogon vulnerability, has published a new vulnerability known as ProxyShell. ProxyShell is a combination of 3 vulnerabilities, which provide unauthenticated remote code execution on Microsoft Exchange servers. Several sources confirm active scanning for the vulnerability, with limited successful exploitation.
Reason and background of this blog
This blog contains information about vulnerabilities, the possible risk and advice on how to prevent or limit damage. Below are the possible risks, details and background information.
Patches have been available since April and May 2021. Tesorion urgently advices is to install the patches immediately on your Exchange environment.
The following CVE references belong to this vulnerability.
- CVE-2021-34473 – Pre-auth Path Confusion leads to ACL Bypass (Patched in April – KB5001779)
- CVE-2021-34523 – Elevation of Privilege on Exchange PowerShell Backend (Patched in April – KB5001779)
- CVE-2021-31207 – Post-auth Arbitrary-File-Write leads to RCE (Patched in May – KB5003435)
Do you want to be informed in time? Sign up for our technical updates
Would you like to receive these critical vulnerabilities by e-mail from now on? Enter your e-mail address below.