Microsoft Exchange Server ProxyShell Attacks: MSSPs and MSPs Must Patch Vulnerabilities

Cyberattacks against on-premises Microsoft Exchange Server email systems continue. MSSPs and MSPs that monitor, manage, support and/or secure the email server for customers can either migrate to Microsoft 365 cloud services — or patch ProxyShell vulnerabilities known as CVE-2021-34473CVE-2021-34523, and CVE-2021-31207, according to a CISA (Cybersecurity and Infrastructure Security Agency) alert.

The CISA alert, issued August 21, 2021, stated:

“Malicious cyber actors are actively exploiting the following ProxyShell vulnerabilities: CVE-2021-34473CVE-2021-34523, and CVE-2021-31207. An attacker exploiting these vulnerabilities could execute arbitrary code on a vulnerable machine. CISA strongly urges organizations to identify vulnerable systems on their networks and immediately apply Microsoft’s Security Update from May 2021—which remediates all three ProxyShell vulnerabilities—to protect against these attacks.”

What the ProxyShell & Exchange Attacks Mean

Stated another way: The ProxyShell attack allows hackers to install a backdoor for later access and post-exploitation, according to Huntress, a provider of MDR (managed detection and response) security services to MSPs.

For more on the MSP and MSSP implications, see this ongoing update from Perch Security, an MDR and co-managed services specialist owned by ConnectWise.

Microsoft credited Orange Tsai (@orange_8361) from DEVCORE Research Team (working with Trend Micro Zero Day Initiative) for documenting the Microsoft Exchange attack surface details.

Microsoft Exchange Server: Popular Cyberattack Vector

Cyberattacks against Microsoft Exchange Server have generated repeated headlines, particularly in calendar year 2021.

Indeed, the United States and several allies in July 2021 blamed hackers associated with China’s government for various Microsoft Exchange Server cyberattacks and email hack. The hack, first reported in Q1 of 2021, impacted thousands of on-premises email customers, small businesses, enterprises and government organizations worldwide.

Earlier alerts about Exchange Server cyberattacks include :

  1. Microsoft Advisory: Multiple Security Updates Released for Exchange Server
  2. Microsoft Blog: HAFNIUM targeting Exchange Servers with 0-day exploits
  3. Microsoft GitHub Repository: CSS-Exchange
  4. CISA Alert from March 2021: Mitigate Microsoft Exchange Server Vulnerabilities
  5. CISA Emergency Directive 21-02: Mitigate Microsoft Exchange On-Premises Product Vulnerabilities
Return Home

No Comments

Leave a Reply

Your email address will not be published. Required fields are marked *