
Vulnerability Alert – 2 new Vulnerabilities associated with Microsoft Exchange.

The Australian Cyber Security Centre (ACSC) is aware of 2 zero-day vulnerabilities associated with Microsoft Exchange Server 2013, 2016 and 2019 (Exchange).

Alert status
LOW

Background / What has happened?

The Australian Cyber Security Centre (ACSC) is aware of 2 zero-day vulnerabilities associated with Microsoft Exchange Server 2013, 2016 and 2019 (Exchange). Whilst the ACSC has seen exploitation attempts, we are not aware of successful exploitation within Australia.

Microsoft has released information on the vulnerabilities, along with mitigations and detections:

CVEs have been assigned:

Historical CVEs related to ProxyShell:

  • CVE-2021-34473 - Pre-auth Path Confusion leads to ACL Bypass (Patched in April by KB5001779)
  • CVE-2021-34523 - Elevation of Privilege on Exchange PowerShell Backend (Patched in April by KB5001779)
  • CVE-2021-31207 - Post-auth Arbitrary-File-Write leads to RCE (Patched in May by KB5003435)

Mitigation / How do I stay secure?

Refer to Microsoft's advice, which contains mitigation and detection guidance. Additional information can be found in Microsoft's blog.

Organisations that have not deployed mitigations at this point, or that have seen successful exploitation, should look for post-exploitation activity, including the deployment of webshells.

Assistance / Where can I go for help?

The ACSC is monitoring the situation and is able to provide assistance and advice as required. Organisations that have been impacted or require assistance can contact the ACSC via cyber.gov.au/report or 1300 CYBER1 (1300 292 371).
