720-891-1663

Return to the list of client alerts

CISA Warning: Urgent Exchange Patch

IT admins can’t seem to catch a break these days.

DHS CISA issued its first alert tagged URGENT this week.

“Malicious cyber actors are actively exploiting the following ProxyShell vulnerabilities: CVE-2021-34473, CVE-2021-34523, and CVE-2021-31207,” CISA warned over the weekend.

CISA warns admins to urgently patch Exchange ProxyShell bugs (bleepingcomputer.com)

CISA says that companies need to identify on-premise Exchange servers that are vulnerable and patch them immediately since vulnerable servers are under attack.

Microsoft released a security update in May that patches all three flaws. Unsurprisingly, many companies have not deployed the patches.

Attackers are scanning for vulnerable systems and then attacking them.

After the hackers compromise a vulnerable server they install a web shell that allows them to upload files and execute malicious tools, including ransomware.

Huntress Labs found over 140 web shells deployed by hackers on more than 1,900 compromised Exchange Servers.

Shodan reports tens of thousands of vulnerable servers, most in the US and Germany.

Credit: Bleeping Computer