Cyberattacks against on-premises Microsoft Exchange Server email systems continue. MSSPs and MSPs that monitor, manage, support and/or secure the email server for customers can either migrate to Microsoft 365 cloud services or patch the ProxyShell vulnerabilities known as CVE-2021-34473, CVE-2021-34523, and CVE-2021-31207, according to a CISA (Cybersecurity and Infrastructure Security Agency) alert.
“Malicious cyber actors are actively exploiting the following ProxyShell vulnerabilities: CVE-2021-34473, CVE-2021-34523, and CVE-2021-31207. An attacker exploiting these vulnerabilities could execute arbitrary code on a vulnerable machine. CISA strongly urges organizations to identify vulnerable systems on their networks and immediately apply Microsoft’s Security Update from May 2021—which remediates all three ProxyShell vulnerabilities—to protect against these attacks.”
What the ProxyShell & Exchange Attacks Mean
Stated another way: The ProxyShell attack allows hackers to install a backdoor for later access and post-exploitation, according to Huntress, a provider of MDR (managed detection and response) security services to MSPs.