Summary
Security On-Demand’s Threat Recon Unit is issuing a patch reminder for vulnerabilities in Microsoft Exchange servers. We have previously reported on these patches and recommend patching any vulnerable systems that have not yet received them.
We are observing threat groups actively scanning for vulnerable Exchange servers that can be exploited through the vulnerabilities dubbed “ProxyShell” and “ProxyLogon.” Patches for these vulnerabilities have been available since April and May 2021.
Details
Below are the vulnerabilities being scanned for in the wild. Chained together, they can lead to a complete takeover of vulnerable servers. We highly recommend patching any systems that have not been patched since April 2021.
CVE-2021-34473 – Microsoft Exchange Server Remote Code Execution Vulnerability
CVE-2021-34523 – Microsoft Exchange Server Escalation of Privilege Vulnerability
CVE-2021-31207 – Microsoft Exchange Server Security Feature Bypass Vulnerability
Affected versions
Microsoft Exchange Server 2013
Microsoft Exchange Server 2016
Microsoft Exchange Server 2019
SOD Actions
The Security On-Demand Threat Recon Unit will continue to monitor these events and provide relevant updates. If you have any questions about this alert, please contact your Security On-Demand Customer Success Manager.