ProxyShell Vulnerability
This blog contains information about the ProxyShell vulnerability. As soon as we have an update, we’ll add it to this post. More information about possible risks and details can be found at the bottom of this blog.
T-Update
This blog contains information about the ProxyShell vulnerability. As soon as we have an update, we’ll add it to this post. More information about possible risks and details can be found at the bottom of this blog.
Update August 10, 2021
13:00 | Security researcher Orange Tsai, who discovered the ProxyLogon vulnerability, has published a new vulnerability known as ProxyShell. ProxyShell is a combination of 3 vulnerabilities, which provide unauthenticated remote code execution on Microsoft Exchange servers. Several sources confirm active scanning for the vulnerability, with limited successful exploitation.
Achtergrond
Risico
The following CVE references belong to this vulnerability.
- CVE-2021-34473 – Pre-auth Path Confusion leads to ACL Bypass (Patched in April – KB5001779)
- CVE-2021-34523 – Elevation of Privilege on Exchange PowerShell Backend (Patched in April – KB5001779)
- CVE-2021-31207 – Post-auth Arbitrary-File-Write leads to RCE (Patched in May – KB5003435)
Advies
Patches have been available since April and May 2021. Tesorion urgently advices is to install the patches immediately on your Exchange environment.
Bronnen
Schrijf je in voor T-Updates
Ontvang elke woensdag het laatste nieuws over malware of kwetsbaarheden in je mail
More than 1,000 organizations have already joined us.
