This vulnerability allows remote malicious users to execute arbitrary code on affected installations of Microsoft Exchange Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Autodiscover service. The issue results from the lack of proper validation of URI prior to accessing resources. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of SYSTEM.
|Vulnerable Product||Search on Vulmon||Subscribe to Product|
microsoft exchange server 2013
microsoft exchange server 2016
microsoft exchange server 2019
As of Friday – as in, shopping-on-steroids Black Friday – retail titan IKEA was wrestling with a then-ongoing reply-chain email phishing attack in which attackers were malspamming replies to stolen email threads.
BleepingComputer got a look at internal emails – one of which is replicated below – that warned employees of the attack, which was targeting the company’s internal email inboxes. The phishing emails were coming from internal IKEA email addresses, as well as from the syst...
A state-backed Iranian threat actor has been using multiple CVEs – including both serious Fortinet vulnerabilities for months and a Microsoft Exchange ProxyShell weakness for weeks – looking to gain a foothold within networks before moving laterally and launching BitLocker ransomware and other nastiness.
A joint advisory published by CISA on Wednesday was meant to highlight the ongoing, malicious cyber assault, which has been tracked by the FBI, the U.S. Cybersecurity and Infrastructur...
A new-ish threat actor sometimes known as “Tortilla” is launching a fresh round of ProxyShell attacks on Microsoft Exchange servers, this time with the aim of inflicting vulnerable servers with variants of the Babuk ransomware.
Cisco Talos researchers said in a Wednesday report that they spotted the malicious campaign a few weeks ago, on Oct. 12.
Tortilla, an actor that’s been operating since July, is predominantly targeting U.S. victims. It’s also hurling a smaller number of...
A new APT group has emerged that’s specifically targeting the fuel and energy complex and aviation industry in Russia, exploiting known vulnerabilities like Microsoft Exchange Server’s ProxyShell and leveraging both new and existing malware to compromise networks.
Researchers at security firm Positive Technologies have been tracking the group, dubbed ChamelGang for its chameleon-like capabilities, since March. Though attackers mainly have been seen targeting Russian organizations, they...
Security researchers are compiling an easy-to-follow list of vulnerabilities ransomware gangs and their affiliates are using as initial access to breach victims' networks.
All this started with
, a member of Recorded Future's CSIRT (computer security incident response team), on Twitter over the weekend.
Since then, with the help of several other contributors that joined his efforts, the list quickly grew to include security flaws found in products from over a dozen different s...
In August 2021, Mandiant Managed Defense identified and responded to the exploitation of a chain of vulnerabilities known as ProxyShell. The ProxyShell vulnerabilities consist of three CVEs (CVE-2021-34473, CVE-2021-34523, CVE-2021-31207) affecting the following versions of on-premises Microsoft Exchange Servers.
Exchange Server 2013 (Cumulative Update 23 and below)
Exchange Server 2016 (Cumulative Update 20 and below)
Exchange Server 2019 (Cumulative Update 9 and below)...
Microsoft has broken its silence on the recent barrage of attacks on several ProxyShell vulnerabilities in that were highlighted by a researcher at Black Hat earlier this month.
The company released an advisory late Wednesday letting customers know that threat actors may use unpatched Exchange servers “to deploy ransomware or conduct other post-exploitation activities” and urging them to update immediately.
“Our recommendation, as always, is to install the latest CU and SU on a...
Over the weekend, the Cybersecurity & Infrastructure Security Agency (CISA) issued an urgent alert that attackers are actively attacking ProxyShell vulnerabilities in unpatched Microsoft Exchange Servers, joining researchers in urging organizations to immediately install the latest Microsoft Security Update.
Security researchers at Huntress reported seeing ProxyShell vulnerabilities being actively exploited throughout the month of August to install backdoor access once the ProxyShell e...
Get our weekly newsletter Plus: eBPF Foundation emerges, Exchange severs probed for ProxyShell holes, and more
In brief If your Git operations start failing on Friday, August 13 with GitHub, it may well be because you're still using password authentication – and you need to change that.
In December, the source-code-hosting giant warned it will end password-based authentication for Git pushes and the like. From 1600 UTC (1700 BST, 0900 PST) on Friday, that shutdown will come into effect. As such, you'll need to use authentication tokens to complete your Git operations with GitHub.
Four flaws already being abused in the wild to compromise victims
Microsoft released an XL-sized bundle of security fixes for its products for this month's Patch Tuesday, and other vendors are close behind in issuing updates.
The Windows goliath's batch for July has 117 patches, 13 for what's said to be critical bugs, 103 important, and one moderate. Normally, we'd encourage you to install these updates, testing them as appropriate prior to deployment, before miscreants develop exploits for them. However, four of these holes are already being exploited i...
Three bugs under active exploit were squashed by Microsoft Tuesday, part of its July security roundup of fixes for Windows, Microsoft Office, SharePoint Server and Exchange Server. In all, Microsoft patched 116 bugs. Twelve bugs are rated critical, 103 rated important and one classified as moderate in severity.
Bugs under active attack include a critical scripting engine memory corruption (CVE-2021-34448) flaw and two additional Windows kernel elevation-of-privilege vulnerabilities (CVE-20...
The US Cybersecurity and Infrastructure Security Agency (CISA) issued its first alert tagged as "urgent," warning admins to patch on-premises Microsoft Exchange servers against actively exploited ProxyShell vulnerabilities.
"Malicious cyber actors are actively exploiting the following ProxyShell vulnerabilities: CVE-2021-34473, CVE-2021-34523, and CVE-2021-31207," CISA
over the weekend.
"CISA strongly urges organizations to identify vulnerable systems on their networks and im...