Quote: As dangerous attacks accelerate against Microsoft Exchange Servers in the wake of the disclosure around the ProxyLogon group of security bugs, a public proof-of-concept (PoC) whirlwind has started up. It’s all leading to a feeding frenzy of cyber-activity.
The good news, however, is that Microsoft has issued a one-click mitigation and remediation tool in light of the ongoing swells of attacks.
Researchers said that while advanced persistent threats (APTs) were the first to the game when it comes to hacking vulnerable Exchange servers, the public PoCs mean that the cat is officially out of the bag, meaning that less sophisticated cybercriminals can start to leverage the opportunity.
“APTs…can reverse engineer the patches and make their own PoCs,” Roger Grimes, data-driven defense evangelist at KnowBe4, told Threatpost. “But publicly posted PoCs mean that the thousands of other hacker groups that don’t have that level of sophistication can do it, and even those groups that do have that sophistication can do it faster.”
After confirming the efficacy of one of the new public PoCs, security researcher Will Dorman of CERT/CC tweeted, “How did I find this exploit? Hanging out in the dark web? A hacker forum? No. Google search.”
Microsoft said in early March that it had spotted multiple zero-day exploits in the wild being used to attack on-premises versions of Microsoft Exchange servers.
Four flaws (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065) can be chained together to create a pre-authentication remote code execution (RCE) exploit – meaning that attackers can take over servers without knowing any valid account credentials. This gives them access to email communications and the opportunity to install a web shell for further exploitation within the environment.
Read more: Exchange Cyberattacks Escalate as Microsoft Rolls One-Click Fix | Threatpost