Threat actors have begun to exploit Microsoft Exchange Server vulnerabilities to deliver web shells that grant them access to the compromised server.
Orange Tsai, principal researcher at DEVCORE, has revealed the specifics of three Exchange vulnerabilities that can be used by remote, unauthenticated attackers to gain control of vulnerable systems.
The vulnerabilities – CVE-2021-34473, CVE-2021-34523, and CVE-2021-31207 are all grouped together as ProxyShell.
Cybersecurity company Rapid7 explained in a blog post, “When chained, these vulnerabilities allow the attacker to bypass ACL controls, send a request to a PowerShell back-end, and elevate privileges, effectively authenticating the attacker and allowing for remote code execution.”
To Read More: securityweek
For more such updates follow us on Google News ITsecuritywire News.