CVE-2021-27065

Published: 03/03/2021 Updated: 26/03/2021
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

Microsoft Exchange Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-26412, CVE-2021-26854, CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27078.

Vulnerable Product

microsoft exchange server 2013

microsoft exchange server 2016

microsoft exchange server 2019

Mailing Lists

This Metasploit module exploits a vulnerability on Microsoft Exchange Server that allows an attacker to bypass authentication, impersonate the admin (CVE-2021-26855) and write an arbitrary file (CVE-2021-27065) to get RCE (Remote Code Execution). By taking advantage of this vulnerability, you can execute arbitrary commands on the remote M ...

Github Repositories

Introduction Hello! In light of the recent ProxyLogon attacks, I am keeping track of useful PowerShell scripts that may benefit system administrators. These scripts may vary and may not be useful to everyone, but may benefit outlier organizations. I will do my best to continue to update these scripts as time goes on. Thank you for reading! Ensure Execution Policy is allowed on

Modsecurity Rules CVE-2021-27065 Modsecurity rule for Exchange RCE. It is recommended to test it first (keeping the action pass) to evaluate possible false positives in your environment before applying any disruptive action.

CVE-2021-26855 CVE-2021-26855, also known as Proxylogon, is a server-side request forgery (SSRF) vulnerability in Exchange that allows an attacker to send arbitrary HTTP requests and authenticate as the Exchange server. According to Orange Tsai, the researcher who discovered the vulnerabilities, CVE-2021-26855 allows code execution when chained with CVE-2021-27065 (see below).

ProxyLogon For Python3 ProxyLogon(CVE-2021-26855+CVE-2021-27065) Exchange Server RCE(SSRF->GetWebShell) usage: python ProxyLogonpy --host=exchangecom --mail=admin@exchangecom python ProxyLogonpy --host=exchangecom --mails=/mailstxt args: --host: target's address --mail: exists user's mail --mails: mails file

ProxyLogon (CVE-2021-26855) CVE-2021-26855, also known as ProxyLogon, is a server-side request forgery (SSRF) vulnerability in Exchange that allows an attacker to send arbitrary HTTP requests and authenticate as the Exchange server. According to Orange Tsai, the researcher who discovered the vulnerabilities, CVE-2021-26855 allows code execution when chained with CVE-2021-2706

Exchange SSRF toRCE Exploit For educational and learning purposes only CVE-2021-26855 CVE-2021-27065 Usage [*] ProxyLogon-Exchange SSRF to RCE Exploit Chain - Author @Evilash /Exchange_SSRFtoRCEChainExploitpy <url> <MailUser> Real and stable exploit to RCE , enjoy it :) Fofa Quary microsoft exchange 2013: app="Microsoft-E

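106362522 Regarding the Exchange Server vulnerabilities that Microsoft recently announced patches for after they were attacked by hackers, Taiwan's DEVCORE stated that it had discovered the security vulnerabilities as early as January 5 and reported to Microsoft the zero-day vulnerabilities numbered "CVE-2021-26855" and "CVE-2021-27065", and also named this vulnerability "ProxyLogon". The "ProxyLogon" vulnerability disclosed this time, without requiring authentication, can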

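NTUT_HOMEWORK Exchange server Origin of the incident: Taiwanese security firm DEVCORE discovered the two ProxyLogon security vulnerabilities, CVE-2021-26855 and CVE-2021-27065, in December of last year and reported them to Microsoft on January 5 of this year. Another security firm, Volexity, said that hackers had begun attacking the ProxyLogon vulnerabilities as early as January 3, while Microsoft directly named the hacking group as Hafnium, from China. ProxyLogon is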

CVE-2021-27065 Quick one-line PowerShell scripts to detect webshells, possible zips, and logs. Each of the scripts, after running, will output to a CSV located in the temp drive at the root of C:. Quick Code Explanation: CompedFiles.ps1 This will start at the path specified, work its way through each folder and find the files inside of it. Each file that it hits it will t

ProxyLogon ProxyLogon is the formally generic name for CVE-2021-26855, a vulnerability on Microsoft Exchange Server that allows an attacker bypassing the authentication and impersonating as the admin. We have also chained this bug with another post-auth arbitrary-file-write vulnerability, CVE-2021-27065, to get code execution (source: proxylogon.com). Disclaimer: The information

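CVE-2021-26855_Exchange RCE This article and tool are for technical sharing only; use for illegal purposes is strictly prohibited, and you bear all resulting consequences yourself. Microsoft Exchange Proxylogon Exploit Chain EXP analysis + CVE-2021–26855 + CVE-2021–27065 reproduction summary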

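CVE-2021-26855 CVE-2021-26855 SSRF simple exploitation, a golang exercise. Affected versions: Exchange Server 2013 earlier than CU23, Exchange Server 2016 earlier than CU18, Exchange Server 2019 earlier than CU7. Exploitation conditions: Unlike previous Exchange vulnerabilities, this vulnerability does not require a user identity that can log in; internal user resources can be obtained without authorization, and combined with CVE-2021-27065 it can achieve remote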

proxylogon Proof-of-concept exploit for CVE-2021-26855 and CVE-2021-27065, which allows for unauthenticated remote code execution on Microsoft Exchange as described in the following resources: www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers www.volexity.com/blog/2021/03/02/active-exploitation-of-microsoft-exchange-zero-day-vulnerab

HAFHunt Quick PowerShell script to search for HAFNIUM IOCs for on-prem Exchange Servers. Leverages IOCs listed in Microsoft and Volexity articles. Find ASPX files; find known webshell names; list archived files in C:\ProgramData; LogSearch OABGeneratorLog (CVE-2021-26858); LogSearch HttpProxy logs (CVE-2021-26855); LogSearch WindowsEvents (CVE-2021-26857); LogSearch Exchange Logs (C

exchange-0days-202103 IoC determination for exploitation of CVE-2021-26855, CVE-2021-26857, CVE-2021-26858 and CVE-2021-27065

Exchange-HAFNIUM Threat Advisory for the MS Exchange Zero-day Vulnerability. Introduction: On March 2, 2021, Microsoft released patches for several critical vulnerabilities for Microsoft Exchange Server that have been found to be exploited in different regions. It is highly recommended for all the users running affected versions to update their servers with newly released

ExProlog ProxyLogon Full Exploit Chain PoC (CVE-2021–26855, CVE-2021–26857, CVE-2021–26858, CVE-2021–27065) Usage: exprologpy [OPTIONS] ExProlog - ProxyLogon Full Exploit Chain PoC (CVE-2021–26855, CVE-2021–26857, CVE-2021–26858, CVE-2021–27065) Options: -t, --target TEXT Target MS Exchange Server (eg outlookvictimc

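Proxy-Logon Class: 資財二乙 Student ID: 108AB0704 Name: 劉筑芸 Origin of the incident: Related to the Exchange vulnerability "ProxyLogon" for which patches were released, many hacker groups have also jumped on the bandwagon and abused these vulnerabilities to launch attacks. Word has spread that Microsoft has begun investigating its partner security vendors, and it has even been reported that in ransomware attack incidents the route by which the hackers broke into victim organizations was targeting unpatched E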

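Class: 訓四子二 Name: 陳柏恩 Student ID: 108362529 2021 Microsoft Exchange Server Data Breach. Origin of the incident: In January and February of this year, hacker groups targeted the security vulnerabilities then collectively known as ProxyLogon to steal private email, and installed malicious Web Shells on systems for long-term access to the victims' information. Analysis of the exploited vulnerabilities: ProxyLogon's four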

Exchange_IOC_Hunter Description: Hunt for IOCs in IIS Logs - CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065. Artefacts Supported: C2 IP Addresses (used for scanning and exploitation); File Names (observed in exploitation attempts). Usage: powershell .\Exchange_IOC_Hunter.ps1 Updates: This repository will be updated with new IOCs shortly.

proxylogscan This tool to mass scan for a vulnerability on Microsoft Exchange Server that allows an attacker bypassing the authentication and impersonating as the admin (CVE-2021-26855) By chaining this bug with another post-auth arbitrary-file-write vulnerability to get code execution (CVE-2021-27065) As a result, an unauthenticated attacker can execute arbitrary commands o

Exch-CVE-2021-26855 ProxyLogon is the formally generic name for CVE-2021-26855, a vulnerability on Microsoft Exchange Server that allows an attacker bypassing the authentication and impersonating as the admin. We have also chained this bug with another post-auth arbitrary-file-write vulnerability, CVE-2021-27065, to get code execution. All affected components are vulnerable by

CVE-2021-26855-CVE-2021-27065 analytics ProxyLogo Mail exchange RCE

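#Homework - Discussion of the Proxylogon incident. What is the Proxylogon incident: The Proxylogon incident is a hacking attack carried out against on-premises mail systems by Hafnium, a hacker group backed by the Chinese government, using four zero-day vulnerabilities in Exchange Server, numbered "CVE-2021-26855" and "CVE-2021-27065" (referred to as "ProxyLogon"), and by a Taiwanese security research team, DEVCORE (戴夫寇爾), in 2020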

shellcollector HAFNIUM campaign: www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/ CVE-2021-26855 CVE-2021-26857 CVE-2021-27065 CVE-2021-26858 This is a PowerShell script that will locate potential web shells created by the SYSTEM user from 1/1/2021 onwards. Simply clone or download shellcollector.ps1 and execute in PowerShell with admin pri

CVE-2021-26855-PoC PoC exploit code for CVE-2021-26855. Original code was developed by github.com/GreyOrder. The original repo was deleted shortly after additional features (user enumeration etc.) were added. Please post a pull request if you have the latest version. CVE-2021-26855 ssrf simple use of golang exercises. Affected version: Exchange Server 2013 is less than

CVE-2021-26855-PoC PoC exploit code for CVE-2021-26855. CVE-2021-26855 ssrf simple use of golang exercises. Affected version: Exchange Server 2013 is less than CU23, Exchange Server 2016 is less than CU18, Exchange Server 2019 is less than CU7. Conditions of use: This vulnerability is different from previous exchange vulnerabilities. This vulnerability does not require a user identi

CVE-2021-26855-Exchange-RCE Microsoft Exchange Proxylogon Exploit Chain EXP analysis + CVE-2021–26855 + CVE-2021–27065 reproduction summary

Exchange-Exploit Check for Exchange Server CVEs CVE-2021-26855, CVE-2021-26857, CVE-2021-26858 and CVE-2021-27065 nmap --script http-vuln-exchange [TARGET]

Hafnium Microsoft Exchange NOTE: Original scripts are available at John Hammond's Github Gist. Some Technical Details. CVEs Listed: CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065. CVE-2021-26855 is a server-side request forgery (SSRF) vulnerability in Exchange which allowed the attacker to send arbitrary HTTP requests and authenticate as the Exchange server

HAFNIUM CVE-2021-26855 msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26855 CVE-2021-26855 is a server-side request forgery (SSRF) vulnerability in Exchange which allowed the attacker to send arbitrary HTTP requests and authenticate as the Exchange server. CVE-2021-26857 msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26857 CVE-2021-26857 i

Operation Exchange Marauder - An aggregated view for Defenders Introduction Advisories, Analysis, and Countermeasures CVE's Exploited Tools Used in the Attack Methodology of Attack Detection CVE Detections Microsoft defender Queries Azure Sentinel Detections Sentinel Queries Powershell Queries STIX Object Indicators IP addresses Hashes Paths Web Shell Names YARA Rule

Detect webshells dropped on Microsoft Exchange servers after 0day compromises. This script looks for webshells dropped on Microsoft Exchange servers while they were vulnerable to the following CVEs: CVE-2021-26855, pre-auth SSRF, CVSS:3.0 9.1 / 8.4; CVE-2021-26857, insecure deserialization leading to privilege escalation to SYSTEM level, CVSS:3.0 7.8 / 7.2; CVE-2021-26858, post

Important information regarding Exchange Server (2010, 2013, 2016, 2019) 0-day exploits. Today (Tuesday 2nd March 2021), Microsoft released patches for multiple different on-premises Microsoft Exchange Server zero-day vulnerabilities that are being exploited by a nation-state affiliated group. The vulnerabilities exist in on-premises Exchange Servers 2010, 2013, 2016, and 2019

Vulmap - Web vulnerability scanning and verification tools. Vulmap is a web vulnerability scanning and verification tool that can scan webapps for vulnerabilities and also has vulnerability exploitation capabilities. Currently supported webapps include activemq, flink, shiro, solr, struts2, tomcat, unomi, drupal, elasticsearch, fastjson, jenkins, nexus, weblogic, jboss, spring, th

PoC in GitHub 2021 CVE-2021-1056 (2021-01-07) NVIDIA GPU Display Driver for Linux, all versions, contains a vulnerability in the kernel mode layer (nvidia.ko) in which it does not completely honor operating system file system permissions to provide GPU device-level isolation, which may lead to denial of service or information disclosure. pokerfaceSad/CVE-2021-1056 CVE-2021-

Recent Articles

Lemon Duck Cryptojacking Botnet Changes Up Tactics
Threatpost • Tara Seals • 10 May 2021

The Lemon Duck cryptocurrency-mining botnet has added the ProxyLogon group of exploits to its bag of tricks, targeting Microsoft Exchange servers.
That’s according to researchers at Cisco Talos, who said that the cybercrime group behind Lemon Duck has also added the Cobalt Strike attack framework into its malware toolkit and has beefed up anti-detection capabilities. On the latter front, it’s using fake domains on East Asian top-level domains (TLDs) to hide command-and-control (C2) inf...

Multi-Factor Authentication: Headache for Cyber Actors Inspires New Attack Techniques
Symantec Threat Intelligence Blog • Threat Hunter Team • 05 May 2021

Two-factor or multi-factor authentication is used to secure organizations and accounts from attackers, making it a problem for malicious actors. Recent attacks show how they are attempting to bypass or avoid it completely.

In recent years two-factor or multi-factor authentication (MFA) has been touted as the way to...

Prometei Botnet Could Fire Up APT-Style Attacks
Threatpost • Tara Seals • 23 Apr 2021

A heretofore little-seen botnet dubbed Prometei is taking a page from advanced persistent threat (APT) cyberattackers: The malware is exploiting two of the Microsoft Exchange vulnerabilities collectively known as ProxyLogon, in order to drop a Monero cryptominer on its targets.
It’s also highly complex and sophisticated, researchers noted. While cryptojacking is its current game, Cybereason researchers warned that Prometei (the Russian word for Prometheus, the Titan god of fire from the ...

Attackers Target ProxyLogon Exploit to Install Cryptojacker
Threatpost • Elizabeth Montalbano • 15 Apr 2021

Cryptojacking can be added to the list of threats that face any unpatched Exchange servers that remain vulnerable to the now-infamous ProxyLogon exploit, new research has found.
Researchers discovered the threat actors using Exchange servers compromised using the highly publicized exploit chain—which suffered a barrage of attacks from advanced persistent threat (APT) groups to infect systems with everything from ransomware to webshells—to host Monero cryptomining malware, according to ...

FBI Clears ProxyLogon Web Shells from Hundreds of Orgs
Threatpost • Tara Seals • 14 Apr 2021

The Feds have cleared malicious web shells from hundreds of vulnerable computers in the United States that had been compromised via the now-infamous ProxyLogon Microsoft Exchange vulnerabilities.
ProxyLogon comprises a group of security bugs affecting on-premises versions of Microsoft Exchange Server software for email. Microsoft last month warned that the bugs were being actively exploited by the Hafnium advanced persistent threat (APT); after that, other researchers said that 10 or more ...

Microsoft Exchange Servers See ProxyLogon Patching Frenzy
Threatpost • Tara Seals • 24 Mar 2021

The patching level for Microsoft Exchange Servers that are vulnerable to the ProxyLogon group of security bugs has reached 92 percent, according to Microsoft.
The computing giant tweeted out the stat earlier this week – though of course patching won’t fix already-compromised machines. Still, that’s an improvement of 43 percent just since last week, Microsoft pointed out (using telemetry from RiskIQ).

ProxyLogon consists of four flaws (CVE-2021-26855, CVE-2021-26857, CVE...

Exchange Cyberattacks Escalate as Microsoft Rolls One-Click Fix
Threatpost • Tara Seals • 16 Mar 2021

As dangerous attacks accelerate against Microsoft Exchange Servers in the wake of the disclosure around the ProxyLogon group of security bugs, a public proof-of-concept (PoC) whirlwind has started up. It’s all leading to a feeding frenzy of cyber-activity.
The good news, however, is that Microsoft has issued a one-click mitigation and remediation tool in light of the ongoing swells of attacks.
Researchers said that while advanced persistent threats (APTs) were the first to the game...

Microsoft Exchange Exploits Pave a Ransomware Path
Threatpost • Lindsey O'Donnell • 12 Mar 2021

Cybercriminals are now using compromised Microsoft Exchange servers as a foothold to deploy a new ransomware family called DearCry, Microsoft has warned.
The ransomware is the latest threat to beleaguer vulnerable Exchange servers, emerging shortly after Microsoft issued emergency patches in early March for four Microsoft Exchange flaws. The flaws can be chained together to create a pre-authentication remote code execution (RCE) exploit – meaning that attackers can take over servers wi...

Microsoft Exchange Servers Face APT Attack Tsunami
Threatpost • Tara Seals • 11 Mar 2021

Recently patched Microsoft Exchange vulnerabilities are under fire from at least 10 different advanced persistent threat (APT) groups, all bent on compromising email servers around the world. Overall exploitation activity is snowballing, according to researchers.
Microsoft said in early March that it had spotted multiple zero-day exploits in the wild being used to attack on-premises versions of Microsoft Exchange Server. Four flaws can be chained together to create a pre-authentication rem...

Exchange servers under siege from at least 10 APT groups
welivesecurity • 10 Mar 2021

On 2021-03-02, Microsoft released out-of-band patches for Microsoft Exchange Server 2013, 2016 and 2019. These security updates fixed a pre-authentication remote code execution (RCE) vulnerability chain (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065) that allows an attacker to take over any reachable Exchange server, without even knowing any valid account credentials. We have already detected webshells on more than 5,000 email servers as of the time of writing, and according...

Microsoft Patch Tuesday Updates Fix 14 Critical Bugs
Threatpost • Lindsey O'Donnell • 09 Mar 2021

Microsoft has released its regularly scheduled March Patch Tuesday updates, which address 89 security vulnerabilities overall.
Included in the slew are 14 critical flaws and 75 important-severity flaws. Microsoft also included five previously disclosed vulnerabilities, which are being actively exploited in the wild.
Four of the actively exploited flaws (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858 and CVE-2021-27065), found in Microsoft Exchange, were disclosed as part of an emerge...

How Symantec Stops Microsoft Exchange Server Attacks
Symantec Threat Intelligence Blog • Threat Hunter Team • 08 Mar 2021

Symantec's Intrusion Protection technology will block all attempted exploits of critical vulnerabilities.

Users of Microsoft Exchange Server are advised to update to the latest version immediately, as a growing number of attackers are attempting to exploit four recently patched zero-day vulnerabilities in the software.

Microsoft rele...

This new Microsoft tool checks Exchange Servers for ProxyLogon hacks
BleepingComputer • Lawrence Abrams • 06 Mar 2021

Microsoft has released a PowerShell script that admins can use to check whether the recently disclosed ProxyLogon vulnerabilities have hacked a Microsoft Exchange server.
On March 2nd, Microsoft released out-of-band emergency security updates to fix four zero-day vulnerabilities actively used in attacks. These vulnerabilities are tracked as CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065.
When chained together, these vulnerabilities are known as 'ProxyLogon' and allow t...

Microsoft rushes out fixes for four zero‑day flaws in Exchange Server
welivesecurity • 04 Mar 2021

Microsoft has rushed out emergency updates to address four zero-day flaws affecting Microsoft Exchange Server versions 2013, 2016, and 2019. Threat actors have been observed exploiting the vulnerabilities in the wild to access on-premises Exchange servers, which allowed them to steal emails, download data, and compromise machines with malware for long-term access to the victim networks. Due to the severity of the threat, the Redmond tech titan is urging users to patch their systems immediately...

CISA Orders Federal Agencies to Patch Exchange Servers
Threatpost • Tara Seals • 04 Mar 2021

Hot on the heels of Microsoft’s announcement about active cyber-espionage campaigns that are exploiting four serious security vulnerabilities in Microsoft Exchange Server, the U.S. government is mandating patching for the issues.
The news comes as security firms report escalating numbers of related campaigns led by sophisticated adversaries against a range of high-value targets, especially in the U.S.
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an emergen...

Detection and Response to Exploitation of Microsoft Exchange Zero-Day Vulnerabilities
Fireeye Threat Research • by Matt Bromiley, Chris DiGiamo, Andrew Thompson, Robert Wallace • 04 Mar 2021

Beginning in January 2021, Mandiant Managed Defense observed multiple instances of abuse of Microsoft Exchange Server within at least one client environment. The observed activity included creation of web shells for persistent access, remote code execution, and reconnaissance for endpoint security solutions. Our investigation revealed that the files created on the Exchange servers were owned by the user NT AUTHORITY\SYSTEM, a privileged local account on the Windows operating system. Furthermore,...

State hackers rush to exploit unpatched Microsoft Exchange servers
BleepingComputer • Sergiu Gatlan • 03 Mar 2021

Multiple state-sponsored hacking groups are actively exploiting critical Exchange bugs Microsoft patched Tuesday via emergency out-of-band security updates.
Microsoft addressed four zero-days (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065) exploited in the wild and three other vulnerabilities (CVE-2021-27078, CVE-2021-26854, and CVE-2021-26412).
Advanced persistent threat (APT) groups are currently using "at least" the CVE-2021-26855 Microsoft Exchange Server vul...

Microsoft's MSERT tool now finds web shells from Exchange Server attacks
BleepingComputer • Lawrence Abrams

Microsoft has pushed out a new update for their Microsoft Safety Scanner (MSERT) tool to detect web shells deployed in the recent Exchange Server attacks.
On March 2nd, Microsoft disclosed that four Exchange Server zero-day vulnerabilities were being used in attacks. These vulnerabilities are tracked as CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065.
Known as 'ProxyLogon,' these vulnerabilities are being used by Chinese state-sponsored threat actors to steal mailboxe...

Microsoft releases ProxyLogon updates for unsupported Exchange Servers
BleepingComputer • Sergiu Gatlan

Microsoft has released security updates for Microsoft Exchange servers running unsupported Cumulative Update versions vulnerable to ProxyLogon attacks.
These additional security updates are meant to be installed only on machines running Exchange Server versions not supported by the original March 2021 security patches released a week ago, only if the admin can't find an update path to a supported version.
Applying these security updates will only address the
 (tracked as CVE...

The Register

Patch Tuesday A week after Microsoft warned that four zero-day flaws and three others in its Exchange Server were being actively exploited and issued out-of-band remediation, the cloudy Windows biz has delivered software fixes to address 82 other vulnerabilities as part of its monthly Patch Tuesday ritual.
All told, that makes 89 CVEs for the month, 14 of which have been deemed critical. Microsoft says two of these vulnerabilities (CVE-2021-26411 and CVE-2021-27077) are publicly known and ...