Microsoft Issues ProxyShell Advisory After Attacks Begin

The ProxyShell vulnerabilities that affect Microsoft Exchange servers were put on full display at this month’s Black Hat 2021 conference. At the event, Devcore researcher Orange Tsai – who actually uncovered the vulnerabilities – compromised a Microsoft Exchange server by exploiting them.

What is a vulnerability in Cybersecurity?

Let’s first understand what a vulnerability in cybersecurity is. It is a weakness that cybercriminals can misuse to gain unauthorized access to a computer system. After exploiting a vulnerability, an attacker can run malicious code, install malware and steal sensitive data. There are a number of methods through which vulnerabilities can be exploited, including cross-site scripting (XSS), buffer overflows, SQL injection and open-source exploit kits. All of these methods are used to probe for unknown vulnerabilities or security weaknesses in web applications. Many vulnerabilities affect popular software, placing the many customers who use that software at a heightened risk of a data breach or supply chain attack, just as Microsoft is facing right now.

The three ProxyShell vulnerabilities are CVE-2021-34473, CVE-2021-34523 and CVE-2021-31207. According to a warning issued by the Cybersecurity and Infrastructure Security Agency (CISA), these vulnerabilities could lead to privilege escalation and remote code execution if exploited, enabling attackers to execute arbitrary code on a vulnerable machine. To help organizations cope with this issue, Microsoft urged those running Exchange servers to install the patches issued in its May and July security updates, which protect against the vulnerabilities. In its own advisory, Microsoft also warned users that their Exchange servers are vulnerable if any of the following are true:

- The server is running an older, unsupported CU (without the May 2021 SU);
- The server is running security updates for older, unsupported versions of Exchange that were released in March 2021;
- The server is running an older, unsupported CU with the March 2021 EOMT mitigations applied.

In all of the above scenarios, you must install one of the latest supported CUs and all applicable SUs to be protected. Any Exchange server that is not on a supported CU with the latest available SU is vulnerable to ProxyShell and to other attacks that leverage older vulnerabilities. So, to be on the safe side, update the server to the latest supported CU and apply all of its security updates.