
ProxyShell Attacks targeting Microsoft Exchange Servers – CVE-2021-31207, CVE-2021-34473, CVE-2021-34523

Advisory No: TZCERT/SA/2021/08/24

Date of First Release: 24th August 2021

Source: Microsoft

Software Affected: 

  • Microsoft Exchange Server 2019
  • Microsoft Exchange Server 2016
  • Microsoft Exchange Server 2013


Microsoft Exchange Server contains remote code execution vulnerabilities as a result of improper input validation. Exploitation attempts leverage the latest line of “ProxyShell” Microsoft Exchange vulnerabilities.


The vulnerabilities exist in the way Microsoft Exchange Server handles Uniform Resource Identifier (URI) validation, validation of user-supplied data and validation of access tokens. An attacker can exploit the flaws to bypass ACL controls, elevate privileges and perform unauthenticated remote code execution.


Successful exploitation of these vulnerabilities may allow an attacker to take control of the affected system.


Microsoft has issued security updates to address the affected products. Users and administrators are advised to apply the necessary updates.


  1. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31207
  2. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-31207
  3. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34473
  4. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34473
  5. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34523
  6. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34523
