Microsoft Exchange Server Remote Code Execution Vulnerability
Published: 2021-08-09
Three vulnerabilities from DEVCORE researcher Orange Tsai could be chained to achieve unauthenticated remote code execution. Attackers are searching for vulnerable instances to exploit.
Update August 23: The Analysis section has been updated with information about exploitation of this vulnerability chain. Organizations should update immediately.
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-136a
https://therecord.media/fbi-says-bianlian-based-in-russia-switching-tactics
https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-317a
https://securelist.com/new-tropic-trooper-web-shell-infection/113737/
https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-190a
https://unit42.paloaltonetworks.com/operation-diplomatic-specter/
https://thehackernews.com/2024/05/ms-exchange-server-flaws-exploited-to.html
https://securelist.com/vulnerability-report-q1-2024/112554/
https://www.tenable.com/blog/microsofts-feb-2024-patch-tuesday-cve-2024-21351-cve-2024-21412
https://www.zscaler.com/blogs/security-research/retrospective-avoslocker
https://www.tenable.com/blog/aa23-215a-2022s-top-routinely-exploited-vulnerabilities
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-215a
https://www.tenable.com/cyber-exposure/tenable-2022-threat-landscape-report
https://duo.com/decipher/hive-ransomware-attacks-target-fortios-microsoft-exchange-flaws
https://www.tenable.com/cyber-exposure/a-look-inside-the-ransomware-ecosystem
https://unit42.paloaltonetworks.com/lockbit-2-ransomware/
https://www.cisa.gov/news-events/cybersecurity-advisories/aa22-117a
https://www.tenable.com/cyber-exposure/2021-threat-landscape-retrospective
https://www.securityweek.com/babuk-ransomware-seen-exploiting-proxyshell-vulnerabilities/
https://www.zerodayinitiative.com/advisories/ZDI-21-821/
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34473
http://packetstormsecurity.com/files/163895/Microsoft-Exchange-ProxyShell-Remote-Code-Execution.html