Microsoft Exchange Servers See ProxyLogon Patching Frenzy

March 24, 2021 – Article posted on threatpost

The patching level for Microsoft Exchange Servers that are vulnerable to the ProxyLogon group of security bugs has reached 92 percent, according to Microsoft…

…ProxyLogon consists of four flaws (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065) that can be chained together to create a pre-authentication remote code execution (RCE) exploit – meaning that attackers can take over servers without knowing any valid account credentials. This gives them access to email communications and the opportunity to install a web shell for further exploitation within the environment…

…The CyberNews investigation team found 62,174 potentially vulnerable unpatched Microsoft Exchange Servers around the world, as of Wednesday…

Victor Wieczorek, practice director for Threat & Attack Simulation at GuidePoint Security, noted that some organizations not structured or resourced to patch effectively against ProxyLogon.

“This is because, 1) a lack of accurate asset inventory and ownership information; and 2) lag time to vet patching for negative impacts on the business and gain approval from asset/business owners to patch,” he told Threatpost. “If you don’t have an accurate inventory with a high level of confidence, it takes a long time to hunt down affected systems. You have to determine who owns them and if applying the patch would negatively impact the system’s function. Responsible and timely patching takes lots of proactive planning and tracking.”

Read more HERE.