Microsoft Exchange Server Hacked Via ProxyShell Exploits

Threat actors are actively exploiting Microsoft Exchange servers using the ProxyShell vulnerability to install backdoors for later access.

According to a recent update released by security researcher Kevin Beaumont and NCC Group vulnerability researcher Rich Warren, ProxyShell is an attack that uses three linked Microsoft Exchange vulnerabilities to execute unauthenticated remote code.

Devcore Principal Security Researcher, Orange Tsai revealed that the ProxyShell exploits use Microsoft Exchange’s AutoDiscover feature to conduct an SSRF attack. Warren’s example, shared with BleepingComputer, showed that the web shells consist of a simple authentication-protected script that threat actors can use to upload files to the compromised Microsoft Exchange server.

Since threat actors are already exploiting vulnerable Microsoft Exchange servers, Beaumont advises administrators to perform Azure Sentinel queries to confirm whether or not their devices have been scanned, and advises those who have recently updated their Microsoft Exchange server to do so immediately.

For more information, read the original story in BleepingComputer.

Microsoft Exchange Server Hacked Via ProxyShell Exploits

Top Stories

New Deepfakes Can Mimic Heartbeats, Evading Detection Tools

RBC Pushes Employees Back to Office to Preserve ‘Winning Culture’

Microsoft Azure Closes Cloud Gap with AWS as AI and Enterprise Migrations Fuel Growth

Sleeper Supply Chain Attack Activates After 6 Years

Dell has another major round of layoffs

One of the biggest data breaches ever, billions of users affected

Related Articles

65% of Canadians Still Reusing Passwords Despite Identity Theft Fears, Okta Study

Ottawa Warns of China-Linked Hack on Canadian Telecom Gear

Copilot Exploit Shows How AI Agents Can Be Hijacked to Steal Corporate Data

Sleeper Supply Chain Attack Activates After 6 Years

Jim Love

Follow Us

Popular categories

Tech News Delivered