Although patches for the ProxyShell vulnerabilities in Microsoft Exchange are already available, they are not being applied. This makes it easy for cybercriminals to keep exploiting the vulnerabilities and attacking the systems. A comment from Tenable.
Recent reports show that a Hive ransomware strain is targeting many Microsoft Exchange Servers through the ProxyShell vulnerabilities. Claire Tills, Senior Research Engineer, Tenable, comments on why this is still possible.
Patches could close vulnerability
“Attackers continue to exploit the ProxyShell vulnerabilities, which were first disclosed more than eight months ago. They have proven to be a reliable source for attackers since their disclosure, although patches are available. Recent attacks by an offshoot of the Hive ransomware group are fueled by the ubiquity of Microsoft Exchange and the apparent delays in patching these months-old vulnerabilities.
Organizations around the world and across multiple industries use Microsoft Exchange for critical business functions, making it an ideal target for attackers. The exploit chain allows attackers to elevate their privileges and then run code remotely. The availability of proof-of-concept makes it easy for them to adopt this tactic into their playbooks. Because the ProxyShell chain goes from function bypass to privilege escalation to remote code execution, it reduces the number of reconnaissance and intermediate steps attackers need to infiltrate target systems.”
About Tenable
Tenable is a Cyber Exposure company. Over 24,000 companies worldwide trust Tenable to understand and reduce cyber risk. Nessus inventors have combined their vulnerability expertise in Tenable.io, delivering the industry's first platform that provides real-time visibility into and secures any asset on any computing platform. Tenable's customer base includes 53 percent of the Fortune 500, 29 percent of the Global 2000, and large government agencies.