New POC Microsoft Exchange Bug That Enhances New Attacks!

Another proof-of-concept (PoC) exploit for Microsoft Exchange has been released. With some modifications, it can run web shells on a server and trigger the ProxyLogon vulnerability, leaving the server more exposed.

Since Microsoft shared details of the Microsoft Exchange security flaw known as ProxyLogon, administrators and researchers have been analyzing the vulnerability while protecting servers exposed on the Internet.

How Did This Start?

These attacks use web shells, cryptominers, and other versions of the DearCry ransomware that were already active on the server. A security researcher also shared the relevant information, including details of a proof-of-concept exploit for the ProxyLogon vulnerability.

It all started when experts tested the PoC and found that it did not execute correctly and crashed after some errors were spotted. However, the PoC still carried accurate information that researchers and attackers could use to establish a remote connection and exploit the vulnerability in Microsoft Exchange servers.

After the PoC was published, the researcher received an email from Microsoft stating that the proof of concept had been taken down because it violated the user policies.

GitHub stated that it took down the PoC to protect other devices that could be exploited using this information. It also added:

“We totally understand that the researcher who published and distributed this proof of concept, which contains the exploit code and other research value of the community, may risk our safe ecosystem, and it also penetrates our balance. While maintaining user privacy and safety, GitHub takes down all the reports or any information that contains the details of the PoC.”

What Happened Next?

This weekend, another researcher published a new, updated PoC that needs only a little modification to exploit the vulnerability in the Microsoft server and use a web shell. According to the security researcher, the vulnerability is ready to be exploited after some modification. The researcher also shared an image showing the vulnerability being exploited and a remote connection being established through the web shell, with the help of the whoami command.

The security researcher also shared another image showing that the test was executed successfully in the selected location on the server.

Multiple researchers also verified these tests against the Microsoft Exchange server but did not verify the PoC. They also said that they tested the new PoC against a server that has remained unpatched since 2016 and is not fixed yet.

They agreed with the assessment made by other researchers and said that the PoC makes it easier for attackers to carry out such attacks on Microsoft Exchange servers.

The various vulnerabilities present in the server make it more exploitable on the Internet.

Other Vulnerabilities Present on Microsoft Exchange Server

According to the investigation, more than 80,000 vulnerabilities are still present in publicly available Microsoft Exchange servers, and, most importantly, administrators have not applied the complete patch.

The number of vulnerabilities running on old Exchange servers that may not be patched directly with the security update is estimated from 125,000 to 80,000, according to the test conducted between March 8 and 11.

Microsoft also warned users to eliminate this vulnerability by applying the needed patch. According to reports from an organization named RiskIQ, the total number of vulnerabilities present is about 400,000, and these are rapidly increasing as other experts perform tests, with about 100,000 servers still at risk. Multiple servers are still running the older version and have not applied the updated security patch.

While maintaining user security and privacy, Microsoft also released other security updates for users who are still running older versions of Exchange. These updates fixed 95% of the servers that were exposed on the Internet to further attacks.
