ANNOUNCEMENT: Security On-Demand Announces ThreatWatch Response and Remediation Service | SEE RELEASE
HR Photos for Marina

“ProxyShell” & “ProxyLogon” Patch Reminder

Patch Notice

Summary

Security On-Demand’s Threat Recon Unit is issuing a patch reminder for vulnerabilities that exist in Microsoft Exchange servers.  We have previously reported on these patches and recommend patching any vulnerable systems that may not have received previous patches.

We are observing that threat groups are actively scanning for the vulnerable Exchange Servers, searching for the ability to exploit the vulnerabilities dubbed “ProxyShell” and “ProxyLogon.”  Patches for these vulnerabilities have been available since April and May 2021.

Details

Below, you’ll find the vulnerabilities that are scanned for in the wild. Chained together, these vulnerabilities can lead to a complete takeover of vulnerable servers.  We highly recommend patching these systems if they have not been patched since April 2021.

CVE-2021-34473 – Microsoft Exchange Server Remote Code Execution Vulnerability

CVE-2021-34523 – Microsoft Exchange Server Escalation of Privilege Vulnerability

CVE-2021-31207 – Microsoft Exchange Server Security Feature Bypass Vulnerability

Affected versions

Microsoft Exchange Server 2013

Microsoft Exchange Server 2016

Microsoft Exchange Server 2019

SOD Actions

The Security On-Demand Threat Recon Unit will continue to monitor these events and provide relevant updates.  If you have any questions about this alert, please contact your Security On-Demand Customer Success Manager.

Sources

CVE-2021-34473 – Microsoft Exchange Server Remote Code Execution Vulnerability

CVE-2021-34523 – Microsoft Exchange Server Escalation of Privilege Vulnerability

CVE-2021-31207 – Microsoft Exchange Server Security Feature Bypass Vulnerability

Redmondmag – Proxy Shell Vulnerabilities

Bleeping Computer – Proxy Shell Exploits