ProxyShell Attacks targeting Microsoft Exchange Servers - CVE-2021-31207, CVE-2021-34473, CVE-2021-34523

Published On: Aug 26, 2021 07:15

Advisory No: TZCERT/SA/2021/08/24

Date of First Release: 24th August 2021

Source: Microsoft

Software Affected: 

  • Microsoft Exchange Server 2019
  • Microsoft Exchange Server 2016
  • Microsoft Exchange Server 2013

Overview:

Microsoft Exchange Server contains remote code execution vulnerabilities as a result of improper input validation. Exploitation attempts leverage the latest line of "ProxyShell" Microsoft Exchange vulnerabilities.

Description:

Vulnerabilities exist in the way Microsoft Exchange Server handles Uniform Resource Identifier (URI) validation, validation of user-supplied data, and validation of access tokens. An attacker can exploit these flaws to bypass ACL controls, elevate privileges and perform unauthenticated remote code execution.

Impact:

Successful exploitation of these vulnerabilities may allow an attacker to take control of the affected system.

Solution:

Microsoft has issued security updates for the affected products. Users and administrators are advised to apply the necessary updates.

References:

  1. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31207
  2. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-31207
  3. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34473
  4. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34473
  5. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34523
  6. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34523
