Microsoft Exchange Servers See ProxyLogon Patching Frenzy
Quote: The patching level for Microsoft Exchange Servers that are vulnerable to the ProxyLogon group of security bugs has reached 92 percent, according to Microsoft.
 
The computing giant tweeted out the stat earlier this week – though of course patching won’t fix already-compromised machines. Still, that’s an improvement of 43 percent just since last week, Microsoft pointed out (using telemetry from RiskIQ).
 
ProxyLogon consists of four flaws (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065) that can be chained together to create a pre-authentication remote code execution (RCE) exploit – meaning that attackers can take over servers without knowing any valid account credentials. This gives them access to email communications and the opportunity to install a web shell for further exploitation within the environment.
 
The good news on patching comes as a whirlwind of ProxyLogon cyberattacks has hit companies across the globe, with multiple advanced persistent threats (APT) and possibly other adversaries moving quickly to exploit the bug. A spate of public proof-of-concept exploits has added fuel to the fire – which is blazing so bright that F-Secure said on Sunday that hacks are occurring “faster than we can count,” with tens of thousands of machines compromised.
 
“To make matters worse, proof-of-concept automated attack scripts are being made publicly available, making it possible for even unskilled attackers to quickly gain remote control of a vulnerable Microsoft Exchange Server,” according to F-Secure’s writeup. “There is even a fully functioning package for exploiting the vulnerability chain published to the Metasploit application, which is commonly used for both hacking- and security testing. This free-for-all attack opportunity is now being exploited by vast numbers of criminal gangs, state-backed threat actors and opportunistic script kiddies.”
 
The attackers are using ProxyLogon to carry out a range of attacks, including data theft and the installation of malware, such as the recently discovered “BlackKingdom” strain. According to Sophos, the ransomware operators are asking for $10,000 in Bitcoin in exchange for an encryption key.

Read more: Microsoft Exchange Servers See ProxyLogon Patching Frenzy | Threatpost