A huge collection of 3400+ free website templates JAR theme com WP themes and more at the biggest community-driven free web design site
Home / security-advisories / ProxyShell Attacks targeting Microsoft Exchange Servers – CVE-2021-31207, CVE-2021-34473, CVE-2021-34523

ProxyShell Attacks targeting Microsoft Exchange Servers – CVE-2021-31207, CVE-2021-34473, CVE-2021-34523

Advisory No: TZCERT/SA/2021/08/24

Date of First Release: 24th August 2021

Source: Microsoft

Software Affected: 

  • Microsoft Exchange Server 2019
  • Microsoft Exchange Server 2016
  • Microsoft Exchange Server 2013

Overview:

Microsoft Exchange Server contains remote code execution vulnerabilities as a result of improper input validation. Exploitation attempts leverage the latest line of “ProxyShell” Microsoft Exchange vulnerabilities.

Description:

Vulnerabilities exist in a way Microsoft Exchange Servers handle Uniform Resource Identifier (URI) validation, user-supplied data validation and validation of access token. An attacker can exploit the flaws to bypass ACL controls, elevate privileges and perform unauthenticated, remote code execution.

Impact:

Successful exploitation of these vulnerabilities may allow an attacker to take control of the affected system.

Solution:

Microsoft has issued security updates to address the affected products. Users and administrators are advised to apply necessary updates.   

References:

  1. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31207
  2. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-31207
  3. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34473
  4. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34473
  5. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34523
  6. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34523

Check Also

Azure Cosmos DB Jupyter Notebook Feature vulnerability

Advisory No: TZCERT/SA/2021/08/31 Date of First Release: 31st August 2021 Source: Microsoft Software Affected:  Azure Cosmos DB  Overview: The …