Microsoft released a security update in May 2021 revealing three actively exploited ProxyShell vulnerabilities on Microsoft Exchange Servers. These vulnerabilities allowed threat actors to breach the servers and drop web shells that allow them to upload and execute malicious tools.
Although Microsoft patched the ProxyShell bugs right away, it didn’t assign the CVE IDs until July 2021, which left many organisations unaware of the vulnerable systems on their networks.
Hackers, on the other hand, immediately went on the hunt for vulnerable Microsoft Exchange servers and compromised over 1900 servers.
Now CISA has released an urgent warning to “identify vulnerable systems on your networks and immediately apply Microsoft’s Security Update from May 2021—which remediates all three ProxyShell vulnerabilities—to protect against these attacks”.
The NSA also reminded defenders this weekend that it published guidance back in March on hunting for web shells. This too is a great step to protect against ProxyShell attacks.
There’s one easy way to stay on top of this.
Take a look at the free trial for Centraleyes’s cloud-based, centralized Cyber Security Platform:
Read more about ProxyShell attacks and remediation: