First published: 30 Sep 2022
Last updated: 10 Oct 2022

Content written for

Small & medium business
Large organisations & infrastructure
Government

Background / What has happened?

The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) is aware of 2 zero-day vulnerabilities associated with Microsoft Exchange Server 2013, 2016 and 2019 (Exchange). Whilst the ASD's ACSC has seen exploitation attempts, we are not aware of successful exploitation within Australia.

Microsoft has released information on the vulnerabilities, along with mitigations and detections:

CVEs have been assigned:

Historical CVEs related to ProxyShell:

  • CVE-2021-34473 - Pre-auth Path Confusion leads to ACL Bypass (Patched in April by KB5001779)
  • CVE-2021-34523 - Elevation of Privilege on Exchange PowerShell Backend (Patched in April by KB5001779)
  • CVE-2021-31207 - Post-auth Arbitrary-File-Write leads to RCE (Patched in May by KB5003435)

Mitigation / How do I stay secure?

Refer to Microsoft's advice, which contains mitigation and detection guidance. Additional information can be found in Microsoft's blog.

Organisations that have not deployed mitigations at this point, or that have seen successful exploitation, should look for post-exploitation activity, including deployment of webshells.

Assistance / Where can I go for help?

The ASD's ACSC is monitoring the situation and is able to provide assistance and advice as required. Organisations that have been impacted or require assistance can contact the ASD's ACSC via cyber.gov.au/report or 1300 CYBER1 (1300 292 371).
