ProxyShell Vulnerability
This blog contains information about the ProxyShell vulnerability. As soon as we have an update, we’ll add it to this post. More information about possible risks and details can be found at the bottom of this blog.
T-Update
This blog contains information about the ProxyShell vulnerability. As soon as we have an update, we’ll add it to this post. More information about possible risks and details can be found at the bottom of this blog.
Update August 10, 2021
13:00 | Security researcher Orange Tsai, who discovered the ProxyLogon vulnerability, has published a new vulnerability known as ProxyShell. ProxyShell is a combination of 3 vulnerabilities, which provide unauthenticated remote code execution on Microsoft Exchange servers. Several sources confirm active scanning for the vulnerability, with limited successful exploitation.
Background
Risk
The following CVE references belong to this vulnerability.
- CVE-2021-34473 – Pre-auth Path Confusion leads to ACL Bypass (Patched in April – KB5001779)
- CVE-2021-34523 – Elevation of Privilege on Exchange PowerShell Backend (Patched in April – KB5001779)
- CVE-2021-31207 – Post-auth Arbitrary-File-Write leads to RCE (Patched in May – KB5003435)
Advice
Patches have been available since April and May 2021. Tesorion urgently advices is to install the patches immediately on your Exchange environment.
Sources
Sign up to receive T-Updates
Receive the latest vulnerabilities in your email every Wednesday
More than 1,000 organisations have already joined us.
