Exploit released for Microsoft Exchange RCE bug, patch now

Maybe time to rethink your “we’ll host it ourselves” strategy:

[…] Exchange admins have dealt with two massive waves of attacks since the start of 2021, targeting the ProxyLogon and ProxyShell security vulnerabilities.

State-backed and financially motivated threat actors used ProxyLogon exploits to deploy web shells, cryptominers, ransomware, and other malware starting with early March.

In these attacks, they targeted more than a quarter of a million Microsoft Exchange servers, belonging to tens of thousands of organizations around the world.

Four months later, the US and its allies, including the EU, the UK, and NATO, officially blamed China for these widespread Microsoft Exchange hacking attacks.

In August, threat actors also began scanning for and breaching Exchange servers by exploiting ProxyShell vulnerabilities after security researchers reproduced a working exploit.

Even though payloads dropped using ProxyShell exploits were harmless in the beginning, attackers later switched to deploying LockFile ransomware payloads across Windows domains hacked using Windows PetitPotam exploits.

With this latest vulnerability (CVE-2021-42321), researchers are already seeing attackers scan for and attempt to compromise vulnerable systems.

