Geeks for your information News Privacy & Security News v
Microsoft Exchange Servers See ProxyLogon Patching Frenzy
Microsoft Exchange Servers See ProxyLogon Patching Frenzy
silversurfer Offline
Staff Member
******
Posts: 3,885
Threads: 3,283
Thanks Received: 5,064 in 3,838 posts
Thanks Given: 6,200
Joined: 12 September 18
#1
Information  25 March 21, 17:42
Quote:The patching level for Microsoft Exchange Servers that are vulnerable to the ProxyLogon group of security bugs has reached 92 percent, according to Microsoft.
 
The computing giant tweeted out the stat earlier this week – though of course patching won’t fix already-compromised machines. Still, that’s an improvement of 43 percent just since last week, Microsoft pointed out (using telemetry from RiskIQ).
 
ProxyLogon consists of four flaws (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065) that can be chained together to create a pre-authentication remote code execution (RCE) exploit – meaning that attackers can take over servers without knowing any valid account credentials. This gives them access to email communications and the opportunity to install a web shell for further exploitation within the environment.
 
The good news on patching comes as a whirlwind of ProxyLogon cyberattacks has hit companies across the globe, with multiple advanced persistent threats (APT) and possibly other adversaries moving quickly to exploit the bug. A spate of public proof-of-concept exploits has added fuel to the fire – which is blazing so bright that F-Secure said on Sunday that hacks are occurring “faster than we can count,” with tens of thousands of machines compromised.
 
“To make matters worse, proof-of-concept automated attack scripts are being made publicly available, making it possible for even unskilled attackers to quickly gain remote control of a vulnerable Microsoft Exchange Server,” according to F-Secure’s writeup. “There is even a fully functioning package for exploiting the vulnerability chain published to the Metasploit application, which is commonly used for both hacking- and security testing. This free-for-all attack opportunity is now being exploited by vast numbers of criminal gangs, state-backed threat actors and opportunistic script kiddies.”
 
The attackers are using ProxyLogon to carry out a range of attacks, including data theft and the installation of malware, such as the recently discovered “BlackKingdom” strain. According to Sophos, the ransomware operators are asking for $10,000 in Bitcoin in exchange for an encryption key.

Read more: Microsoft Exchange Servers See ProxyLogon Patching Frenzy | Threatpost
[-] The following 2 users say Thank You to silversurfer for this post:
  • harlan4096, Mohammad.Poorya
Find
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:

[-]
Recent Posts
Revo Uninstaller Pro Updates
Revo Uninstaller P...Mohammad.Poorya — 18:44
K-Lite Codec Pack 19.4.5 / 19.4.8 Update
Changes in 19.4.8 ...harlan4096 — 07:29
Antivirus Removal Tool 2026.02 (v.1)
An updated version...harlan4096 — 07:28
AMD suggests it may open-source FSR 4 a...
AMD still has nothin...harlan4096 — 17:21
Intel Arc G3 Panther Lake series for han...
Intel G3 with LPDD...harlan4096 — 07:32

[-]
Birthdays
Today's Birthdays
avatar (47)hapedDow
avatar (46)komriwat
Upcoming Birthdays
avatar (38)showercurtains
avatar (49)PeterWhink
avatar (50)neuthrusBub
avatar (30)script6027529171
avatar (46)myhotseeve
avatar (46)Edwinmub
avatar (46)dimaWeami
avatar (39)TranoTymn
avatar (39)MezirLal
avatar (50)listfquoto
avatar (46)dima6sarPrave
avatar (38)Michaelaburi
avatar (46)dpascoal
avatar (51)Ronaldduh
avatar (39)legalgauch
avatar (44)Baihu
avatar (27)RaseinsLikes

[-]
Online Staff
There are no staff members currently online.

>