A huge collection of 3400+ free website templates JAR theme com WP themes and more at the biggest community-driven free web design site
Home / security-advisories / ProxyShell Attacks targeting Microsoft Exchange Servers – CVE-2021-31207, CVE-2021-34473, CVE-2021-34523

ProxyShell Attacks targeting Microsoft Exchange Servers – CVE-2021-31207, CVE-2021-34473, CVE-2021-34523

Advisory No: TZCERT/SA/2021/08/24

Date of First Release: 24th August 2021

Source: Microsoft

Software Affected: 

  • Microsoft Exchange Server 2019
  • Microsoft Exchange Server 2016
  • Microsoft Exchange Server 2013


Microsoft Exchange Server contains remote code execution vulnerabilities as a result of improper input validation. Exploitation attempts leverage the latest line of “ProxyShell” Microsoft Exchange vulnerabilities.


Vulnerabilities exist in a way Microsoft Exchange Servers handle Uniform Resource Identifier (URI) validation, user-supplied data validation and validation of access token. An attacker can exploit the flaws to bypass ACL controls, elevate privileges and perform unauthenticated, remote code execution.


Successful exploitation of these vulnerabilities may allow an attacker to take control of the affected system.


Microsoft has issued security updates to address the affected products. Users and administrators are advised to apply necessary updates.   


  1. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31207
  2. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-31207
  3. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34473
  4. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34473
  5. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34523
  6. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34523

Check Also

Log4Shell: Apache Log4j Remote Code Execution (CVE-2021-44228)

Advisory No: TZCERT/SA/2021/12/14 Date of First Release: 14th December 2021 Source: Apache Software Affected: All versions of Log4j from 2.0-beta9 …