Actively exploited critical vulnerabilities in Microsoft Exchange; update now

A group of cybersecurity specialists published a proof of concept (PoC) for exploiting a set of ProxyLogon vulnerabilities that reside on Microsoft Exchange servers. These flaws would have already been exploited by threat actors in the wild, although public disclosure of a proof of concept could increase cases of active exploitation.

Those responsible for this proof of concept published the exploit code on GitHub, as well as posting a full overview of this security risk on their Medium profile, although the original post is written in Vietnamese. Previously, some alleged proof of concept codes had been published for these flaws, even though they were fake publications or with serious errors that did not allow their proper functioning.

In the case of a new exploit, everything is much more serious, experts warn. For example, researcher Markus Hutchins put it this way: “I confirm that the newly published proof of concept exploit designed to run remote code is fully functional. At this stage, it contains several errors, but with the help of several fixes it is possible to install the shell in a test environment.”

Cybersecurity community representatives mention that this new proof of concept is able to exploit vulnerabilities tracked as CVE-2021-26855 and CVE-2021-27065, allowing threat actors to authenticate to the target Exchange server and execute malicious code with relative ease.    

Hutchins adds that the published code is ready for immediate use: “It’s no surprise that this proof of concept is functional, as it was published after a detailed analysis of ProxyLogin vulnerabilities by Praetorian,” the expert adds. In separate reports, other members of the cybersecurity community mention that at least 10 groups of threat actors could be exploiting these flaws in real-world scenarios, so users should install updates issued by Microsoft as soon as possible.

This is a sign of the need to be aware of the latest security updates, which has become the main measure to prevent the exploitation of dangerous security flaws. To learn more about computer security risks, malware, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) website.